PRIVACY POLICY

 ZHEJIANG CFMOTO POWER CO., LTD

ZEEHO RIDE MOBILE APPLICATION

This Privacy Policy (“Policy”) describes ZHEJIANG CFMOTO POWER CO., LTD’s (“CFMOTO”) use of your data. References in this Policy to CFMOTO, we or us shall mean ZHEJIANG CFMOTO POWER CO., LTD, Add: NO.116,Wuzhou Road, Yuhang Economic Development Zone, Hangzhou 311100, Zhejiang Province, China.

We would like to emphasize that we take the protection of your privacy and your personal data very seriously and that we process your data in accordance with applicable data protection laws.

With the below, we would like to explain you in more detail which personal data we collect and process in connection with the mobile application for our vehicles, ZEEHO RIDE (“App”) and how we use this data.

What data do we collect?

We collect and process personal data about you when you interact with us, our vehicle and our App, and when you purchase goods and services from us. This includes the following:

· App Store Information: When downloading the App, the information required for doing so is transmitted to the ‘App Store’, in particular the username, email address and customer number of your account, time of the download and the individual device designation number. We process this data only to the extent necessary for downloading the App to your mobile device. The data is not stored for any other purpose.

· Account Information: When you register with an account to the App, we will need to obtain your username, email and phone number; based on your voluntary entering of additional information, we will also collect profile photo. This information is collected to help you complete your App account registration so that we can provide our services and protect the security of your account.

· App, Device and Usage Information: Depending on your use of the App and on your App settings, we might collect data generated in connection with your use of the app. This data might be collected directly through parts of the App or the third party SDK’s embedded in the App. The relevant data includes

o Your browsing duration within the app and your click and behaviour in the App;

o Your used traffic commodity;

o your App settings and device identifiers (such as App language, operating system information (name and version); system language; name and version of application (including database version); device information (brand and model); IP address; provider name; signal strength (UMTS, LTE); Wi-Fi signal strength; SD-card use; and information on type of use (e.g. which functions were used and when);

o Geolocation data through the App;

o Maintenance information voluntarily provided by users through App;

o Contact details in your address book [we only have access to the information subject to your permission but do not store the information];

o Your media files (subject to your permission).

· Vehicle Data: By the use of the vehicle, following data is generated and shared with us

o Driver behaviour data [acceleration, deceleration, speed, bending, last driving time, and last driving mileage],

o Vehicle location data,

o Vehicle state information data [driving mode, battery remaining capacity, mileage, tire pressure, tire temperature, battery activation voltage data, electronic lock status, intelligent device software version, signal strength of smart devices, current setting of the dashboard],

o Vehicle alarm data [abnormal vehicle movement, abnormal tire pressure, vibration, dumping, collision],

o Vehicle fault data.

For what purposes do we use your data and based on which legal basis? 

We process the above indicated categories personal data for the following purposes and based on the following legal bases:

Purpose

Legal Basis

To provide support and to respond to your requests and enquiries

We have a legitimate interest to respond to your requests and inquiries for ongoing business administration, Art. 6 (1) f) GDPR.

Where your request or enquiry is related to the subject of an existing contract with you, the basis for processing will be the necessity of performance of contract with you. Art. 6 (1) lit. b) GDPR.

To create your App account and register you, to deliver the App’s services and to assist you while you use the App, or if you make a purchase from us or download a paid application, including

· verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of products, goods or services;

· sending you notifications on vehicle maintenance (e.g. based on the total distance the user drive, the time when the user buy the vehicle, the time or driving distance requirements for vehicle maintenance);

· sending you abnormal situation notifications (based on Vehicle Data); including data analysis by OEM (depending on the model) to provide customer care and follow-up optimisation of the vehicle;

· Providing route-planning during navigation, including calculating the distance between vehicles and walking navigation for the purpose of finding a vehicle;

· Enabling you to share keys by the App with friends in your address book (subject to access permission);

· Accessing your media photos (subject to your permission) e.g. in order to submit  feedback; 

· To guide users to drive safely;

· to view vehicle location in App and display its user’s position when forming teams;

· Displaying your vehicle related information within the App.

The processing is necessary for the performance of the contract with you, Art. 6 (1) lit. b) GDPR and we have a legitimate interest in providing assistance while using the Application, Art. 6 (1) lit. f) GDPR.

To monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable laws, including filtering feedback with sensitive words or pictures in the users’ feedback.

The processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) lit. c) GDPR.

We have a legitimate interest in enforcing our Terms of Use concerning words and pictures in posts, Art. 6 (1) lit. f) GDPR.

To improve the App by helping us understand who uses the Application and how it is being used, including to

· Analyse common functions of vehicle owners to provide data support for subsequent optimisation;

· By MapBox: Collecting statistics on monthly active users;

· By Aurora SDK: (a) Assembling Monthly statistics; and (b) improving the message reach rate through the vendor channel.

We have a legitimate interest in improving our App, Art. 6 (1) lit. f) GDPR.

You have given consent to the processing, Art. 6 (1) lit. a) GDPR, if the data is collected directly from your vehicle or mobile device.

To share data with our service providers acting according to our instructions as our data processors (i.e. those hosting data for us or providing their SDK’s to us as data processors, including AliCloud SDK the purpose of content detection, and Umeng SDK for statistical analysis).

We have a legitimate interest in using vendors to provide our business services, Art. 6 (1) lit. f) GDPR.

To share data with our affiliates and third party business partners acting as data controllers (e.g. Mapbox Map SDK for displaying maps and showing vehicle locations, etc.).

We have a legitimate interest to share data with our affiliates and third parties to provide our business services, Art. 6 (1) lit. b) and f) GDPR.

We have a legitimate interest in improving our services, Art. 6 (1) f) GDPR.

To respond to law enforcement organization, or other government officials where we have a legal obligation, including complying with legal demands and complying with production and court orders. We will notify user of the information request or submission as, and if, allowed.

The processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) lit. c) GDPR.

The day to day running and management of the business including to monitor, maintain and improve the processes, information and data, technology and communications solutions and services we use.

We have a legitimate interest to manage our business including to maintain ongoing operations and to improve and strengthen our operations, Art. 6 (1) f) GDPR.

Protecting CFMOTO 's legitimate business interests and legal rights, including, but not limited to, use in connection with legal claims, compliance, regulatory, investigative purposes (including disclosure of such information in connection with legal process or litigation).

We have a legitimate interest for protecting our legal rights and interests, Art. 6 (1) lit. f) GDPR.

Sharing your personal data with third parties that acquire or are interested in acquiring all or part of our assets or shares, or that succeeds us in carrying on our business.

We have a legitimate interest for sharing your information for that purpose, Art. 6 (1) lit. f) GDPR.

Who will we share this data with?

We may share your personal data with third parties, for providing you the services of our App and pursuing our legitimate business interests in conducting and enhancing our business in a group structure. 

Furthermore, we use service providers for commissioned data processing (see examples above in Section “For what purposes do we use your data and based on which legal basis?”) whom we have instructed with the data processing within the scope of this Policy, e.g. within the framework of our website's technical infrastructure (like suppliers hosting data for us in Germany, Frankfurt; or providing their SDK’s for enabling functions of our App (including enabling us tracking the use of the application). In this context, our technical service providers may also be located outside the EU/EEA. Where your data is transferred outside the EEA, and where this is in a country that is not subject to an adequacy decision by the EU Commission, your data is adequately protected like described above under section “To which Third Countries will we transfer your data?”

Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers, who will process it on behalf of CFMOTO for the purposes above.

In the event that the business is sold or integrated with another business, your details may be disclosed to our advisers and any prospective purchaser’s adviser and may be passed to the new owners of the business.

To which Third Countries will we transfer your data?

Where information is transferred outside the EEA, and where this is to a CFMOTO affiliate or vendor in a country that is not subject to an adequacy decision by the EU-Commission (e.g. in case we access App Information stored on our servers in Germany from China), data is adequately protected by valid adequacy methods under applicable data protection legislation, such as the EU-Commission approved standard contractual clauses (https://ec.europa.eu/info/strategy/justice-and-fundamental-rights/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en  for further information) or another valid adequacy method under applicable data protection legislation. Please let us know if you have any questions or would like to receive a copy of the relevant documents (see below for contact details).

Children’s Privacy

We do not knowingly collect personal data from children under the age of 18, and in the event that we learn that a child under the age of 18 has provided information on the Application, we will delete that information as soon as possible.

What rights do you have in relation to your data?

You generally have the right to ask us:

· for access to and a copy of your personal data that we hold (Art. 15 GDPR)

· that some of your personal data is provided to you or sent to another data controller in a commonly used, machine readable format (Art. 20 GDPR)

· to update or correct your personal data in order to make it accurate (Art. 16 GDPR)

· to delete your personal data from our records in certain circumstances (Art. 17 GDPR)

· to restrict the processing of your personal data in certain circumstances (Art. 18 GDPR)

And you may also have a right:

· withdraw your consent anytime (Art. 7 (3) S.1 GDPR) where we rely on your consent to process your personal data; and

· to object to us processing your personal data in certain circumstances (e.g. in case we process your data for direct marketing purposes - Art. 21 GDPR).

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

We hope that we can satisfy any queries you may have about the way we process your data. If you have any concerns about how we process your data, you can contact us as described below in the section “If you have any questions about your data”.

In the event you still have unresolved concerns, you also have the right to lodge a complaint with a supervisory authority, in particular the data protection authority in the Member State of your habitual residence or place of work.

Finally, please note that where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.

Which CFMOTO entity is my data controller?

The data controller for your information is ZHEJIANG CFMOTO POWER CO., LTD, Address: NO.116, Wuzhou Road, Yuhang Economic Development Zone, Hangzhou 311100, Zhejiang Province, China. Email: lincj@cfmoto.com.

How long will you retain my data?

We retain your personal data for as long as it is necessary and relevant for the purposes described in this Policy. The criteria used to determine the retention periods include: (i) how long the personal data is needed to provide the services and operate the business; (ii) the type of personal data collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the personal data (e.g., mandatory legal data retention periods (tax/bookkeeping), government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes (e.g. we may retain data for an appropriate period (e.g. standard limitation period) after any relationship with you ends to protect ourself from legal claims, or to administer our business).

Where you are a customer, we will keep your data for the duration of any contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this Policy in accordance with applicable law.

Where we process personal data with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to process your data so that we can respect your request in future.

We will store data in connection with your visit and use of the App and the vehicle to the extent permitted by law and our internal retention policy.

How do you protect my data?

We strive to maintain the highest standards of security and CFMOTO has put in place robust technical and organizational measures for the protection of your data in accordance with the current, general state of technology, especially to protect the data against loss, falsification or access by unauthorized third persons. However, the transmission of information via the internet is not completely secure. So, whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted via our App. Any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to prevent unauthorized access.

If you have any questions about your data

If you have any questions about the processing of your personal data, please feel free to contact CFMOTO 's Privacy Team at lincj@cfmoto.com.

Date: 24-09-2022

Version 1.0.0