Privacy Policy
ZTE Corporation and its subsidiaries (collectively, "ZTE", "us", "we", or "our") understand the importance of personal data to you and try our best to protect the security and accountability of your personal data. We ensure that we apply appropriate security measures to protect your personal data in accordance with high-level industry security standards.
This Privacy Policy applies to ZTE SRM website. Except for the collection and use of relevant data as described in this Privacy Policy, this Privacy Policy does not apply to the other services provided to you by our third-party service providers and other third parties. If you have any questions, comments or suggestions, you may contact us at the following email address: Privacy@zte.com.cn
This Privacy Policy provides you with a full understanding of how the SRM website may collect, use, store, share and transfer your personal data, as well as your rights and how to exercise them. The key points are as follows:
We will describe each type of personal data we collect from you and our use of them, so that you can understand, under a certain function, the types of personal data we collect, the purpose for use, and the manner in which they are collected.
Upon your consent, we may collect your sensitive personal data when you use certain functions. Unless such collection is required by relevant laws and regulations, your refusal to provide such data will not affect the normal use of the other functions of the SRM website than the specific relevant functions.
Unless otherwise stated in this Privacy Policy, we will not willfully share or transfer your personal data with any third party other than ZTE. In the case of any other sharing or transfer of your personal data, we will obtain your explicit consent of the relevant processes directly, unless otherwise prescribed by laws and regulations or when necessary for the protection of users' rights and interests. In addition, we will conduct risk assessment of the data external sharing / transfer activities.
We will not willfully obtain your personal data from any third party other than ZTE. If our business development requires your personal data from third parties, we will verify the legality of the source, or explicitly inform you of the source, type, use scope of your personal data prior to the obtainment. If the processing of your personal data required to carry out our business for SRM website exceeds the scope of consent which you made when providing personal data to the third party, we will obtain your explicit consent prior to such processing of your personal data. In addition, we will strictly comply with relevant laws and regulations and require the third party to ensure the legality of the data it provides.
You may access, rectify, copy, and delete your personal data by the ways and means set forth in this Privacy Policy. You may also withdraw consent, cancel accounts, lodge complaints and reports, and use privacy functions such as personalized settings.
For more detailed information, please read the corresponding sections according to the index below:
1. How We Collect and Use Your Personal Data
2. How Long We Retain Your Personal Data
3. How We Use SDKs, Cookies and Similar Technologies
4. How We Share, Transfer and Disclose Your Personal data
6. Cross-Border Transfer of Your Personal Data
7. How We Protect Minors' Personal Data
8. How We Keep Your Personal Data Safe
Appendix: Relevant Definitions
1. How We Collect and Use Your Personal Data
We may collect your personal data when you use our products and services. Depending on the product or service you use, the specific types of data we collect will vary, including the following two types:
1) In order to provide you with the basic functions of our SRM website, you will need to authorize us to collect and use the data that is necessary for those functions. If you refuse to provide such data, you will not be able to normally use our products and/or services;
2) In order to provide you with the additional functions of our SRM website, you may choose to consent to or refuse our collection and use of data. If you refuse to provide such data, you will not be able to normally use the relevant additional functions or achieve the functional results we intend. However, your use of the basic functions will not be affected.
In particular, we remind you that we are committed to creating a wide variety of products and services to meet your needs. As we provide you with a wide variety of products and services, and different users use different sets of products/services, the basic/additional functions and the corresponding types and scopes of personal data to be collected and used may vary. Please refer to the specific functions of the products/services.
1.1 Our products and/or services collect personal data as follows:
1.1.1 Basic services
On the condition of your consent to use our products/services, we provide services to you based on your registered account. To create your account and meet the business cooperation requirements, you need to provide us with at least your name, gender, nationality, ID type, ID number, birth year, telephone number, personal mailbox, scanned copy of your ID card, city and postcode. If you refuse to provide the above data, you will not be able to register your account and conduct business cooperation. In order to confirm your identity, we may verify your identity based on the above data you provide.
1) Account Registration and Business Cooperation
When you create an account on the SRM website, we need to collect your personal mailbox, name, ID type, ID number, nationality, and a scanned copy of your ID card. Your personal mailbox is the account you use to log in to the system. The name, ID number, and nationality will be used for PO issuance and settlement during business cooperation. To verify the accuracy of your identity, we need you to provide a scanned copy of your ID card. Once the identity verification is complete, the scanned copy of your ID card will be deleted.
2) Task Arrangement
When personnel leasing is involved in the business cooperation with ZTE, we will use your name, telephone number, and personal mailbox for communication. To help ensure your health and safety, we will use your gender and year of birth to schedule the right job position and assignment.
3) Individual Party Screening
ZTE and its subsidiaries comply with applicable international export control laws, including the Export Administration Regulations (EAR). To conduct restricted party screening in accordance with the relevant international export control laws, we need to collect your name and nationality. If you are located in Russia or Ukraine, we also need your postcode and address.
In addition, you may also fill in data such as business department, position, and communication address according to your needs. If you refuse to fill in the above data, the normal use of your account will not be affected.
Your personal data will be deleted or anonymized once you have made it clear by email that you no longer collaborate with ZTE and that the data need to be deleted.
1.2 Our indirect collection of your personal data from third parties (only your employer)
We may collect (e.g., share) your personal data from third parties only if we have determined that the third party has obtained your consent to share such personal data with us, or if the third party is lawfully permitted or required to disclose your personal data to us.
We will inspect the scope of the consent regarding personal data obtained by the third party, including the purpose of use, and whether and to what extent you have agreed to the transfer, sharing, disclosure, deletion, etc.
Personal data obtained from third parties will be used for the purpose of providing services to you and for ensuring the accuracy of any records we may hold relating to you. If we process your personal data beyond the scope of your consent given to the third party, we will obtain your consent directly from you or through the third-party data provider prior to our processing.
1.3 Exceptions to obtaining consent
Pursuant to applicable laws and regulations, we may process your personal data without your prior consent in the following circumstances:
1) Necessary for us to fulfill legal obligations or responsibilities;
2) Necessary for the conclusion and performance of a contract to which you are a party;
3) To deal with public health emergencies, or, in case of emergency, to protect natural persons' life, health, and property safety;
4) Processing, within a reasonable range in accordance with law, either the personal data which you have publicly disclosed or other personal data that have already been legally and publicly disclosed; or
5) Other circumstances prescribed by the applicable laws and regulations.
In an emergency situation, in order to protect your life, health and property or that of other individuals, we may process your personal data while being unable to notify you in a timely manner. We will notify you of the situation as soon as the emergency situation is over.
In some cases, to ensure the security of our services, or to help us better understand the performance of our products or services, we may use other data you provide to us or disclose to us in the course of your interaction with us, such as how often you use the applications, crash data, total usage, performance data and the source of the applications. We will not combine the data we store in analytical software with any identifiable personal data you provide.
Please understand that the functions and services we provide to you are constantly updated and developed. If the collection or use of your personal data for certain functions or services are not informed in this Privacy Policy, we will separately inform you of the scope, purpose and collection method of your personal data through page prompts, interaction processes, website announcements and other methods and may obtain your consent.
If we use your personal data for purposes beyond the scope of your authorization or beyond the scope of directly or reasonably related to our provision of services, we will notify you again and obtain your explicit consent prior to using your personal data.
2. How Long We Retain Your Personal Data
If not specifically stated in this Privacy Policy, we will retain your personal data for the period necessary to achieve the purposes stated in this Privacy Policy, unless an extended retention period is required, authorized or permitted by law. In different scenarios and different products and services, the storage period of data may be different. The standards we use to determine the storage period (whichever the longer) include:
1) The period of time that personal data needs to be retained for the purpose of the business, including providing products and services, maintaining corresponding transaction and business records, controlling and improving the performance and quality of products and services, ensuring the security of systems, products and services, responding to possible user inquiries or complaints, and identifying problems;
2) Whether the user agrees to a longer retention period;
3) Whether there are special requirements for data retention in laws or contracts, etc.
When operation of the product/service/website ceases, we will notify you by pushing notice, public announcement or other methods, and delete or anonymize your personal data within a reasonable period of time.
3. How We Use SDKs, Cookies, and Similar Technologies
3.1 Cookies and similar technologies
Our websites use cookies and other similar technologies to distinguish you from other users. Therefore, when you browse our websites, we will provide you with better user experience, and keep improving our websites.
A cookie is a small file of letters and digits. If you agree, we will store the cookies in the memory or hard drive of your computer or mobile device, and then use such cookies as labels for identifying your computer or mobile device.
Cookies are often classified as "session cookies" or "persistent cookies". Session cookies help you effectively browse our websites and track your page-to-page progress, so that you do not need to repeat the information you provide for the current visit. For instance, when you switch the web pages, your shopping cart will not be cleared. Session cookies are stored in the temporary memory and are deleted when the browser is closed. Persistent cookies can store the user preferences, which are stored on your device and are still valid when you restart your browser. For instance, we use the persistent cookies to record your selected language, country/region, font size, or the settings. With the help of cookies, you do not need to reconfigure the settings when you access our websites next time.
You may clear all cookies stored on your computer, or directly delete all cookies stored on your device. However, if you do so, you need to change the settings every time you access our websites. Most browsers have the ability to block the cookies. If you wish to manage the cookies through the browsers, you may consult the instructions of browser developers, or search the internet. For more information about cookies, please check the website AboutCookies.org.
In addition to cookies, we will use web beacons, pixel tags, and other similar technologies on our websites. For instance, we will send an account activation link to your mailbox. By using the aforesaid technologies to track your clicks on our websites, we can know your preferences for our products and services, and improve the service for our customers. Usually, web beacons are transparent images that are embedded in the websites or emails. With the help of pixel tags in emails, we can know whether the emails are opened or not. If you wish that your behaviors would not be tracked by this means, you can, at any time, change the setting of your mailbox to reject the tracking, or log in to our related service websites to unsubscribe our mail service.
If you set the "Do Not Track" function in your browser, our service websites will respect your choice.
In that case, we will not use cookies for the aforesaid purposes.
4. How We Share, Transfer and Disclose Your Personal Data
4.1 We will not share your personal data with any company, organization or individual other than ZTE and its subsidiaries, except in the following circumstances:
1) Sharing with your explicit consent: We may share your personal data with other parties upon your separate consent.
2) We may share your personal data in accordance with the mandatory requirements by either laws and regulations or government authorities.
3) Sharing with our affiliates: Your personal data may be shared with our affiliates. We will only share personal data that is necessary for our purposes and subject to the purposes stated in this Privacy Policy. If the affiliates wish to change the purposes for which their personal data is handled, they will again ask for your consent.
4) Sharing with authorized business partners: Some of our services will be provided by authorized business partners solely for the purposes stated in this Privacy Policy. We may share certain personal data with our partners to provide better customer service and user experience.
4.2 We will not transfer your personal data to any company, organization or individual, except in the following circumstances:
1) Assignment with your separate consent: We may transfer your personal data to other parties with your separate consent;
2) If a merger, division, dissolution or bankruptcy involves transfer of your personal data, we will promptly notify you of the name and contact details of the recipient of your personal data, and request that the recipient (company, organization or individual) of your personal data continues to be bound by this Privacy Policy. Otherwise, we will require the recipient to seek consent from you again.
4.3 We will disclose your personal data only in the following circumstances:
1) With your separate consent; or
2) Disclosure required by law: We may disclose your personal data in accordance with the mandatory requirements by laws, legal proceedings, litigations or government authorities.
You have various legal rights regarding the personal data we process. These rights may differ in different countries or regions, but mainly include the following:
If you want to access your personal data, you may do so as via the following modules: subcontractor certification, subcontractor human resource management, and human resources maintenance on https://supply.zte.com.cn/nsscm.
5.2 Correct or supplement your personal data
If you find there is an error in your personal data that we process, you have the right to make corrections or supplements. You may make corrections or supplements in the ways listed under "5.1 Access your personal data".
You may delete your personal data in the following circumstances:
1) If we process your personal data in a way that violates a law or regulation;
2) If we process your personal data in a way that violates a provision of this Privacy Policy;
3) If the purpose of processing your personal data as defined by this Privacy Policy has been fulfilled, cannot be fulfilled or the personal data is no longer necessary to fulfill that purpose;
4) If you no longer use our products or services or if you have canceled your account;
5) If you change the scope of the consent so that we no longer have the right to process your personal data;
6) If we no longer provide you with products or services or if the retention period has expired.
If you want to delete your personal information, you can send an email to Privacy@zte.com.cn at any time, and we will respond to your request for correction within fifteen workdays.
Once you have successfully deleted your personal data, we will also, to the extent practicable, notify the parties from who obtained your personal data from us and require them to promptly delete them, unless otherwise required by laws or regulations or when the parties received your separate authorization. Due to the limitations given by applicable laws, regulations or security technologies, after you delete data on your own or with our assistance, we may not immediately delete the corresponding data from the backup system; we will securely store your personal data and restrict further processing and delete such data when updating the backup system.
5.4 Change the scope of your consent
Please understand that each of our business functions requires certain basic personal data. If you withdraw your consent or authorization, we may not be able to continue to provide you with the corresponding services. If the data is necessary for us to perform our obligations under laws or regulations or to provide basic services, we may not be able to respond to your requests or your use of our services may be affected. If you withdraw your consent, we will no longer process your relevant personal data. Your decision to withdraw your consent will not affect any previous processing of personal data that was based on your consent.
If you need to change the scope of your authorization, you can send an email to Privacy@zte.com.cn at any time, and we will respond to your request within fifteen workdays.
You can request to sign out of a previously registered account at any time by sending an email to Privacy@zte.com.cn.
After your account is closed, we will cease to provide you with products or services and delete or anonymize your personal data in accordance to this Privacy Policy.
5.6 Copy, transfer your personal data
At present, users cannot copy or transfer personal information independently. For further assistance, you can send an email to Privacy@zte.com.cn, and we will respond to your request within 15 workdays.
5.7 Responding to your above requests
If your request cannot be fulfilled as above, you may send us a written request by mailing a letter to our address or by email provided in Section 10 of this Privacy Policy. We will respond to your request by letter, email or any other appropriate means. For security reasons, we may require you to make a written request or provide information or documents for identification verification. We will respond to your request within 15 business days after we have verified your identity and clarified your request. We may not be able to fulfil the rights which you do not have under applicable laws, e.g. accessing other individuals' personal data.
When you ask us to make corrections or cease the processing of your personal data, we will delete or correct the data promptly after we confirm that the data is incorrect or that we should cease the processing. If we confirm otherwise, we will notify you promptly and keep your complaint on record.
6. Data Cross-Border Transfer of Your Personal Data
In principle, the personal data that we collect in the People's Republic of China is stored in the People's Republic of China.
If we transfer your personal data to another country or territory, we will take reasonable steps to ensure that your personal data receives the equivalent level of protection as set out in this Privacy Policy. Where required by laws or regulations, we may obtain your separate consent for cross-border transfers of your personal data and conduct security assessments to adequately control the risks and protect the security of your personal data.
7. How We Protect Minors' Personal Data
We attach great importance to the protection of minors' personal data. If you are a minor under the age of 18 or other age pursuant to relevant laws and regulations, you should read and decide whether to agree to this Privacy Policy under the direction of your parent or other legal guardian prior to using SRM website.
Although local laws and customs define a "child" differently, we consider any person under the age of 14 to be a "child". For children under the age of 14, we do not collect personal data without the consent of the child's parent or guardian. For children whose personal data we have collected with the parent or guardian's consent, we will only collect and use such data where the parent or guardian has given their explicit consent, as required by local law. If we collect personal data from a child without verifiable prior consent from a parent or guardian, we will seek to delete the data as soon as possible.
If you are the guardian of a minor, you may contact us via the contact details set out in Section 10 if you have queries about the personal data of the minor under your guardianship.
8. How We Keep Your Personal Data Safe
8.1 We take appropriate physical, organizational and technical measures, such as access control system, monitoring system, encryption, anonymization and pseudonymization, to protect your personal data against unauthorized access, use, disclosure, modification, damage, loss or other forms of illegal processing. Our information security policies and procedures are designed in strict accordance with international standards, and reviewed and updated regularly. In addition, we invite third parties to inspect our security measures to ensure that our security measures meet the requirements for our business, technical changes, and supervision.
8.2 ZTE headquarters in China and some of the subsidiaries have passed the ISO/IEC 27001:2013 Information Security Management System certification and can effectively protect your personal data. ZTE's terminal products, 5G products, core network products, digital technology products and human resource system have been successfully certified with ISO/IEC 27701:2019 Privacy Information Management System. ZTE 5G is the world's first 5G product certified by ISO 27701 and it indicates that ZTE is capable of providing global customers with secure and reliable 5G products and solutions, and delivering high-quality 5G networks.
8.3 In the event of a security incident involving your personal data, we will actively take remedial measures and fulfill our notification obligation, which may include notifying you of the basic information and possible impact of the security incident, the measures we have taken or will take to deal with the incident, and the suggestions on prevention and mitigation of risks you may take on your own initiatives. We will endeavor to notify you in a timely manner by phone, email or push notice.
8.4 We endeavor to protect your personal data. We also ask you to understand that no security measure can be perfect. We have emergency procedures in place. If you know or have reason to believe that your personal data has been lost, stolen, misappropriated or otherwise breached, or if there is any actual or suspected theft of your personal data, you may contact us in accordance with Section 10 of this Privacy Policy.
We may update this Privacy Policy from time to time as applicable laws and regulations change and our products/services continue to improve. If there is any revision to this Privacy Policy, we will promptly provide you with the latest version of this Privacy Policy by publishing it in our products/services. In the event of major changes, we will also use more prominent notice methods (such as a pop-up notification or send an update notification to your reserved email address).
Major changes referred to in this Privacy Policy include but are not limited to:
1) Significant changes in our service model, such as changes in the purpose of processing personal data, the type of processed personal data, and the mode of using personal data;
2) Major changes in the ownership structure and organizational structure, such as changes in owners caused by business adjustment, bankruptcy, or mergers and acquisitions;
3) Changes in the major parties whom personal data are shared with, transferred or disclosed to;
4) Significant changes in your rights regarding personal data and the ways you exercise the rights;
5) Changes in our department responsible for personal data issues, our contacts, or the channels to lodge a complaint;
6) A high risk is indicated in the personal data protection impact assessment report.
If you have any comments, suggestions or questions in relation to this Privacy Policy, or have any requests or inquiries about your personal data, you may contact us at Privacy@zte.com.cn or at the following mailing information: Data Protection Compliance Department of ZTE Corporation, address: No. 55, Keji Road South, Nanshan District, Shenzhen, P.R.China. If you are in the EEA, you may also contact our DPO in the EEA: Marco Costantini, email: marco.costantini@zte.com.cn, tel.: + 39 3701296535.
In general, we will reply to your request to exercise rights and your inquiries within 15 business days. If there are special local regulations regarding response time, such regulations shall be followed. If you are not satisfied with our reply or when you believe that our processing of personal data may violate your legal rights, you may also seek resolution by filing a complaint to the relevant authority or other external channels.
Appendix: Relevant Definitions
"SRM website" refers to the Supplier Relationship Management website.
"Personal data" refers to all kinds of data related to identified or identifiable natural persons recorded by electronic or other means, excluding anonymized data.
"Sensitive personal data" refers to the personal data that is likely to result in damage to the personal dignity of a natural person or damage to his or her personal or property safety once disclosed or illegally used, including data such as biometric identification, religious belief, specific identity, medical health, financial account and whereabouts and tracks, as well as children's personal data.
"Anonymization" refers to the process in which personal data is processed so that it is impossible to identify certain natural persons and that it cannot be recovered.
"pseudonymization" refers to the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
"Children" refer to minors under the age of 14 or the minors whose personal data are categorized as sensitive or special personal data due to their age as stipulated by the law of their residence country.