UGREEN NAS Privacy Policy

Effective Date: May 17, 2024

Last Updated: Aug 29, 2024 |

Welcome to UGREEN NAS and sign up for a global unified account! America Ugreen Limitedalong with its affiliates (LULIAN GROUP LIMITED, UGREEN Hong Kong- HONG KONG UGREEN LIMITED, and UGREEN Germany- UGREEN Group GmbH) hereinafter referred to as "UGREEN" or "We", ), sincerely thank you for trusting us with your personal information. Our commitment is to safeguard the privacy of your personal data, ensuring full compliance with legal requirements in doing so. Therefore, we have prepared this UGREEN NAS Privacy Policy (hereinafter referred to as "this Policy") to help you fully understand how we collect, utilize, share, secure, and store your personal information, and how you can effectively manage your data while using our products and services to make more informed decisions.

 

This Product Privacy Policy ("Privacy Policy") applies to UGREEN NAS and  the applications we provide for use with UGREEN NASincluding mobile apps, desktop apps, TV apps and WeChat apps.

 

This Privacy Policy describes how Ugreen collects, uses, shares, secures, protects and stores your personal information in order to effectively manage your data to make more informed decisions when using our NAS and NAS application.

 

The use of information collected through our Products shall be limited to the purpose of providing the service for which our Customers have engaged Ugreen NAS. We maintain a separate privacy policy with respect to our website. To view our Website Privacy Policy, click here.
 

 

 

We urge you to thoroughly read this Policy, paying particular attention to the boldfaced sections, and confirm your complete understanding and agreement before using our products or services.

 

In addition to this Policy, we may also use real-time notifications (such as pop-ups and page alerts) and feature updates to explain the objectives, extent, and use of the collected information. These real-time notifications and updates form an essential part of this Policy and have the same legal effect. We aim to define all terms used in this policy in a clear, accessible manner for better comprehension. For inquiries, feedback, or suggestions regarding this Policy, please reach out to us using the contact details provided at the end of Section12 of this Privacy Policy should you have any questions, comments or suggestions about this Policy.

 

By accepting this Policy, you acknowledge the features of UGREEN NAS and consent to the necessary collection of personal data to facilitate the operation of these features. We will process such information for the features or services you select, or as required by law, upon your activation or use of UGREEN NAS. Apart from the essential data needed for UGREEN NAS's core functions and services, and information mandated by legal requirements, you reserve the right to opt-out of additional data processing. Be aware, however, that this may limit access to certain features or services.

 

This Policy will help you understand:

1. Applicable Scope

2. How We Collect and Use Your Personal Information

3. Use of Cookies and Other Similar Technologies

4. How We Store and Protect Your Personal Data

5. How We Share, Assign, and Disclose Your Personal Information

6. How to Exercise Your Right to Manager Personal Information

7. Specific Clauses of EU General Data Protection Regulation

8. The Right to Privacy in California and Other US states

9. How We Process Minors' Personal Data

10. How Your Personal Information is Transferred Globally

11. Policy Updates

12. Contact us

 

  1.       Applicable Scope

For the purposes of this agreement, "UGREEN NAS" encompasses the products and services accessed and used via the UGREEN Client, websites, UGREEN software development kit (SDK) for third-party websites or apps, application programming interfaces (APIs), mini-programs, and any new products and services resulting from technological advancements (collectively "UGREEN NAS"). Variations in features may exist among different UGREEN NAS versions. We collect and process your personal information in accordance with this privacy policy unless otherwise specified by separate policies of other UGREEN NAS versions. In cases where other UGREEN NAS versions have separate policies, those policies shall also apply. In the event of any conflicts between this Policy and those of other UGREEN NAS versions, the latter shall control. Please be aware that certain search paths and operations may differ across UGREEN NAS versions, and should be considered in the context of the actual usage.

Except for the activities that the information would be collected and used for in this Policy, this Policy does not cover third party services, and such third parties are responsible for describing how they collect and use your personal information.

 

  1.       How We Collect and Use Your Personal Information

We collect and use personal information provided by you, generated during your use of UGREEN NAS, or obtained from third parties with your consent. This is done in order to satisfy your use of UGREEN NAS, communicate with you, and improve or optimize our products or services. As our offerings evolve, we might alter our products or services. Should we use your information for purposes not covered in this Policy, or use information collected for specific purposes for other uses, we will inform you and seek your consent, except where legal grounds or justifications exist for processing your data without consent. See the UGREEN NAS Personal Information Collection Check list for an overview of the personal data we gather.

  1. Contexts for Collecting Personal Data
  1. Registration and Login

Throughout the use of your NAS device, UGREEN has no access to your photos, documents, videos, etc. stored on your NAS device. Your data can only be accessed by you personally and your friends who accept your sharing.You can log in with your created local account (excluding official UGREEN Cloud website). The local account is divided into an administrator account and a non-administrator account; if you use the local account , all data is stored locally on your NAS device and your cell phone (or computer), UGREEN does not collect any personal data of you. You may also log in to UGREEN NAS through a local account, during which none of your personal information will be collected. We shall collect and process your personal information under this Policy if required in other circumstances.

If you encounter difficulties recalling your UGREEN NAS login credentials, you can utilize the password retrieval feature. For enhanced account security, we may request identity verification through one of four methods: your UGREEN Cloud account details, device information, local account, and password, or the device sharer's account information.

When you log in to UGREEN NAS on your app, go to the home page, and scan the QR code to log into the TV/PC client or to identify your NAS device, we will invoke the sensor information of your mobile device (such as direction sensor, rotation vector sensor (underlying physical sensors, including accelerometer, magnetometer, and gyroscope), and light sensor) to automatically adjust the direction and light of the scanning interface, thereby improving the convenience and accuracy of scanning. Please understand that device sensor data alone does not involve any personal information and cannot be combined with other information to identify a specific natural person.

  1. UGREEN Cloud account

When logged in with a local account, if you need to use the UGREENlink service, Configuration Backup and Restoration, or the SMS alert function for important NAS device information, you need to bind and use a UGREEN Cloud account to register and log in. At this time, you need to provide your phone number (for users in mainland China) or email (for users in other countries or regions), along with additional identification information (such as a profile picture and nickname). This enables us to assist with the registration process, enhance your account details, maintain account security, and support account recovery. We may link the basic information you provide to your UGREEN NAS device and send important device notifications via SMS or email. Registration or login to UGREEN NAS is contingent on this information.

  1. Bind device

To successfully bind and manage your UGREEN NAS device, we need to collect the following information when you bind the device: UGREEN NAS Device model, device serial number SN and MAC address, IP address, UGREENlink ID (if you enable the UGREENlink feature) and your customized device name, device system status (online/offline/sleeping), device holding role (owner/sharer), and warranty expiration time (visible only to administrators). Collecting this information is to assist you in device binding, identifying your device, and associating it with your account. This ensures you can inquire and manage the devices you have bound with your account. This enables you to monitor the status of your device in real time and ensures that the management rights of the device are allocated appropriately. For device administrators, we also gather the device's warranty expiration date to provide prompt warranty expiration reminders.

  1. Login History and Trusted Device Management

To protect your account against unauthorized access, swiftly identify and address abnormal activities, and safeguard against security threats, we collect the following login history details when you access UGREEN NAS:

1)  Login Time: Recording the precise login times, accurate to the second;

2)  Operation Record: Documenting your account logins and unbinding actions;

3)  Location Information: Determining your login city by analyzing and identifying your IP address;

4)  IP Address: Used to pinpoint the login network's location (accurate to city);

5)  Operating System: Identifying the operating system used during login, such as iOS, Android, macOS, Windows;

6)  Access Method: Determining whether access to UGREEN NAS is via the website or other clients.

We permit the setting of "trusted devices" to bypass repeated verification for easier and more secure login on these devices. This feature simplifies the login process while maintaining security and ease of use.

1)  Collection of Login Details: To improve account security, we record the device model and name, login location (identified by IP address, accurate to city), and your most recent login time. This helps us promptly verify who is logging into the account and take the necessary security precautions.

2)  User Management: You can review your login history and trusted device list, and are entitled to remove any suspicious devices. Should you detect any unusual activity, we advise changing your password and removing suspicious devices to ensure account security.

Trusted Device Information Collection Aims to:

  1.         Enhance Account Security: By monitoring login history, we effectively monitor for and prevent unauthorized access, maintaining account security. We can take prompt action, including by notifying you and taking further precautions, whenever our system detects any unusual login attempts or security threats.
  2.         Manage Trusted Devices: You are entitled to manage your trusted devices, minimize verification on frequently used devices, and effortlessly delete any suspicious or outdated devices from our system.
  1. Ticket

The "Ticket" feature is available for technical assistance at any time while using UGREEN NAS. To provide optimal support, we may collect and use data such as your: UGREEN NAS device's serial number, device model and system, client model, WeChat ID, and other access methods to UGREEN NAS(such as via LAN or wireless network). This information aids in understanding your product usage, allowing us to offer tailored technical support and solutions. Our primary aim in collecting this data is to help users identify and resolve technical issues effectively. We warrant that this information is solely utilized for addressing your technical issues related to our products and services. 

  1. Cloud Storage Services

If you choose to use UGREEN NAS services in conjunction with third-party cloud storage services, such as Baidu Netdisk (exclusively for mainland China users) and OneDrive, we will collect your account details for these third party cloud services, including account name, profile picture, membership level, and cloud storage capacity. This collection facilitates file transfer and synchronization tasks between UGREEN NAS and these third-party services. We will request file read and write permissions to ensure seamless file transfers and management between UGREEN NAS and the third-party cloud storage services. We warrant that such permissions will be used solely for the purpose of smooth file uploads, downloads, and task synchronization. You have the right to decide whether to link third-party cloud storage services with UGREEN NAS. Declining this connection won't affect your access to other UGREEN NAS services and features.

  1. LAN Device Search via find.ugnas.com

When you use the WebFind service on find.ugnas.com to search for and activate LAN devices, we collect device-specific data including the device name, IP address, Mac address, serial number, operating system version, model name, and status. This data ensures accurate and efficient identification of LAN devices for your convenience.

  1. UGREENlink Services

Accessing UGREENlink services requires an initial login to your UGREEN Cloud account. Upon login, you may opt to activate the UGREENlink feature for quick and remote connection to your UGREEN NAS device. To provide this feature, we will collect the product serial number, IP address, and routing port of your UGREEN NAS device. These details are essential for establishing a secure connection and optimizing user experience. Serial numbers help ensure precise and secure linkage to your UGREEN Cloud account, enabling access to UGREENlink services. We gather your IP address and routing port information when you use UGREENlink features to facilitate remote connectivity to your device, allowing you to access and manage your UGREEN NAS device from afar. Please note, that this information is only collected for UGREENlink features. If you choose not to use UGREENlink features, we will not collect or use this information for the aforementioned purposes.

When you enable our UGREENlink service in a LAN environment, we will collect some information on your device. Such information includes IPv4 address, IPv6 address, MAC address, DDNS address, device status information (whether the device has been initialized or whether it is currently online), WOL (Wake-on-LAN) switch status, device hostname, and device boot time. The abovementioned information is collected to ensure a better connection and access experience when you access the device in a LAN environment.

  1. Technical Support

When seeking assistance from our technical support team, we may collect the following information:

Device Information: This includes your device SN number, UGREEN NAS device system version, network conditions (including your IP address and network connection status), operational logs (including system activities and logs of user-initiated system operations, and) client information (including operating system type and version, and software version information).

Personal Files in UGREEN NAS Devices Our technical support team may access your personal files stored on UGREEN NAS devices only with your explicit authorization and after granting the appropriate permissions:

This information is collected for the following purposes:

Efficient Technical Support Services: By gathering device information, we can swiftly identify and resolve issues, providing you with precise technical support.

Specific User Permissions: Initially, our technical support staff will request general user permissions to access device information. This ensures that our access to your device is limited to what is necessary only.

Comprehensive Diagnostics: For complex technical issues, additional permissions may be requested with your consent. This involves creating and providing an administrator account for the technical support team to access. Access to personal files is only permitted under these specific circumstances.

  1. User Experience Survey (Excludes Mainland China Users)

UGREEN may invite you to participate in user experience surveys to continually optimize our products and services, aiming to deliver a more personalized user experience.

Email Address Collection: We collect your email address to distribute survey questionnaires, helping us understand your real experiences and feedback regarding UGREEN NAS. Participation is voluntary, and you decide whether to provide this information.

Survey Distribution: Upon your agreement to participate, we may send surveys to your provided email address. These surveys help us collect your usage experiences, preferences, and suggestions for UGREEN products, informing our product improvements and optimizations.

Marketing Information: In addition to surveys, we may also send marketing communications to your email. However, we will send those only after obtaining your explicit consent.

Prior consent will be sought before conducting any user experience surveys or sending marketing information via email. We warrant that no surveys or marketing materials will be sent without your explicit agreement.

  1. Independent and Third Party Services

UGREEN NAS contains information or links we have legally obtained, as well as other independent services we are licensed to operate. These services may be presented as separate features within UGREEN NAS (such as the UGREEN NAS Application Center). UGREEN NAS may also integrate or include links to third party content. We reserve the right to add, reduce, or adjust the content, form, and specific sectors within independent services at any time to expand our service offerings or optimize user experiences. While we will notify users of these changes in advance, some modifications may be implemented immediately under certain circumstances.

You may activate and use the above independent services and features via UGREEN NAS. You may be required to enter into additional agreements or accept separate terms between you and the service provider when using certain independent services or features. The primary service provider for independent services can be determined through the independent service agreements or information disclosed within such services. When necessary, we will make these agreements or terms available for you to review in a reasonable manner. Your use of the above services shall be deemed as your agreement and understanding of the associated agreements and rules.

Some services or features in UGREEN NAS may be provided by third parties either independently or in partnership with us. Such services may require separate user agreements, privacy policies, or other binding rules. Carefully review all agreements and rules (if any) before using third-party services, and ensure you fully understand and agree with them, assessing any risks involved. Exercise judgment and assess any potential risks when using third party websites or applications. You shall independently resolve any disputes, damages, or losses arising from the use of third party services with the third parties concerned. UGREEN NAS shall not be held liable for any direct or indirect damages caused by third parties.

Be aware that some third parties may use your account ID for data collection and processing. The third party service provider shall be responsible for the data collection, storage, use, and transmission. UGREEN is not involved in the processing of such data, nor will it process, access, control, or modify this data. Please choose and use third party services carefully, as your personal information and data security will be subject to the third party service provider's terms and policies when using such services.

We recommend consulting with legal experts or professionals before enabling any third party service should you have any concerns regarding the third party service provider's agreement or terms. UGREEN NAS may not be able to directly notify you of any changes to third party agreements or terms. Therefore, we recommend regularly reviewing the agreements or terms for any third party services you use to ensure your rights are protected.

  1. Operation and Security

To ensure the smooth operation and security of our products and services, and to protect the legal rights of users, the public, and ourselves, we may collect the following information:

For secure and efficient software and service operations, we collect your hardware model, operating system version, device identifiers (Android includes IMEI/MEID, AndroidID, OAID, IMSI, SIM card details, GAID, Hardware SN; iOS includes IDFV, IDFA; identifier validity, reset capability, and acquisition methods vary), Network Device Hardware Address, hardware SN, IP address, WLAN access points, Bluetooth, base stations, software version, network access mode and quality, operational, usage, and service log data.

Your account, device, and service log information may be used and shared with our affiliates and partners for account security assessments, identity verification, violation detection, security incident prevention, and to record, analyze, and address such violations.

We may collect error log data in the event of unusual errors in UGREEN NAS to analyze and help resolve these issues and assist you in addressing such issues.

  1. Configuration Backup and Restoration

To preserve your device settings, you can back up your configurations using the "Configuration Backup and Restoration" function. When you repair your device or carry it from the original country or region to use abroad, you can actively restore your backup data. For this purpose, we need to collect and use the following setting information from you:

Connectivity and Access: Users and user groups (permissions and advanced settings), file services, device connection data (UGREENlink, DDNS, portal settings), end devices, domains, and LDAP;

General Settings: Time and language, notification, network, security, and indexing services;

System Services: System updates, resets, configuration backups, and restorations.

  1. Personal Information Processing Pursuant to the Law

We may collect and use your personal data pursuant to applicable laws under the following legal circumstances:

  1. With your consent;
  2. For contract fulfillment as requested by you;
  3. To comply with legal obligations such as those for anti-money laundering, anti-terrorism, anti-telecommunications fraud, and real-name management;
  4. The request is directly related to national defense and security;
  5. Whenever necessary in response to public health emergencies, or to protect the life, health, or property of a natural person in emergencies;
  6. For criminal investigations, prosecutions, trials, or executing court judgments;
  7. When you publicly disclose your personal data;
  8. When the data is sourced from legally disclosed information, including legitimate news reports and government disclosures;
  9. For maintaining the security and stable operation of our products/services, including fault detection and resolution;
  10. Any other circumstances provided by law.

Please note, in scenarios from (2) to (10) above, we may process your personal data in accordance with applicable laws without requiring your consent.

  1. Use Permissions

UGREEN NAS may request certain permissions to provide services. Rest assured that UGREEN NAS will not activate these permissions by default. Only if you approve and confirm to grant those permissions will UGREEN NAS use them to collect your data, which will only be used in the necessary contexts specified. It is worth noting that granting UGREEN NAS a specific permission does not necessarily mean your data will be collected. Although you have granted such permissions to UGREEN NAS, your data will only be collected under lawful, valid, and necessary circumstances. Refusing to grant permissions may lead to the unavailability of specific features reliant on said permissions, but that will not affect you using other UGREEN NAS features. For more information on permissions and their uses, refer to the UGREEN NAS Permission Application and Usage Description.

  1.       Use of Cookies and Other Similar Technologies

Cookies and device identifiers are commonly utilized across the Internet. We may use such technologies to store cookies or anonymous identifiers on your device when accessing our platform or services, allowing us to collect and identify data during your use of our product. We warrant not to use cookies for any purposes other than those stated in this policy. Cookies and similar technologies are primarily used to facilitate product and service usage, enhance security and efficiency, improve login and response speed, and provide a more effective access experience. Most browsers allow users to delete browser cache data, including cookies. You can delete cookie data in your browser settings when using UGREEN NAS on the web. However, deleting cookies may render cookie-dependent features or services unavailable.

  1.       How We Store and Protect Your Personal Data
    1. Save Date

Your personal information will be retained only for the duration necessary to fulfill the purposes outlined in this policy when using our services (unless a longer retention period is required or permitted by law). If you wish to delete your personal data, please contact us using the contact information provided in this Policy Following the necessary retention period, we will delete or anonymize your personal information, except where legal obligations mandate otherwise.

Date Retention Criteria:

  1.       The length of time we maintain an ongoing relationship and provide UGREEN NAS products and services to you (such as the duration of your UGREEN Cloud account or ongoing use of our products);
  2.       Whether the information is modified by the account owner, or deleted by users through their accounts;
  3.       Legal obligations to retain data (for example, certain laws may necessitate retaining your transaction records for a specific period before deletion);
  4.       Our legal team's recommendations for data retention (such as considerations related to contract performance, dispute resolution, legal validity, litigation, or regulatory investigations).
    1. Data Residency

Generally, personal information collected and generated within the People's Republic of China is stored in the People's Republic of China, but as UGREEN NAS offers global services, we may transfer your personal information to our affiliates outside China. For more information, refer to "10. How Your Personal Information is Transferred Globally".

  1. Security Measures

We prioritize the security of your personal information and adhere to prevailing information security standards. Our aim is to remain at the forefront of industry security practices. Our security strategy includes advanced security technologies such as encrypted transmission, secure data storage, intrusion detection, firewall protection, and regular vulnerability scanning to safeguard your data. Beyond technical solutions, we implement comprehensive management systems to bolster information security. This includes staff training in data protection and meticulous scrutiny and improvement of all data processing and storage procedures. Recognizing that no system is infallible, we continuously identify potential risks and implement precautions to mitigate the likelihood of information leaks, destruction, misuse, unauthorized access, disclosure, or alteration of your personal information. In the event of a security incident, we have established protocols and response mechanisms to promptly notify affected users, rectify security vulnerabilities, and take steps to prevent future occurrences.

  1.       Your information is collected and used in accordance with industry-standard security practices, and you will be informed of the purposes and scope of data use through our user agreement and privacy policy.
  2.       Our network services employ encryption technologies, such as transmission security protocols, to protect your data during transmission.
  3.       Your personal information is encrypted and stored using advanced encryption and isolated through state-of-the-art technology.
  4.       When processing personal information, such as when disclosing personal information and measuring the degree of association, we apply data desensitization techniques, including substitution and encryption-based methods, to enhance the security of any personal data we process.
  5.       Our stringent data access control and multiple identity authorization systems are designed to prevent misuse of personal data and ensure compliance with regulations. Staff authorized to access personal information undergo identity verification, and access control measures, and sign confidentiality agreements, ensuring only authorized employees have access to your data.

While we implement robust security measures, we acknowledge that no system can guarantee absolute security. As such, we cannot promise complete data security, especially in instances beyond our control. Please be aware that despite our best efforts, security issues beyond our control, such as malicious attacks, may occur when using our products and services.

  1. We appreciate your cooperation!

Despite implementing these effective measures and complying with legal standards, we cannot assure the security of your personal information when transmitted over unsecured channels. Therefore, we strongly encourage you to take precautions to protect your personal information, including without limitation, the use of complex passwords, regularly changing your password, keeping your account password confidential, and helping us maintain the security of your account and personal data.

  1. Resolving Information Security Incidents

We have established emergency response plans for cybersecurity incidents. Should a personal information security breach occur, we will promptly activate these plans and assemble an emergency response team to identify the cause, minimize losses, and report to authorities as required by law. Additionally, we will inform you about the basics of the security incident, its potential impacts, our response plans, suggestions for mitigating risks, and any remedial measures we can offer. Communication will be through the contact information we have, such as notifications on our platform, messages, calls, or emails.

 

  1.       How we share, assign, and disclose your personal information
    1. Application Programming Interfaces (API) and Software Development Kits (SDK)

To guarantee the secure and stable operation of our products and services, UGREEN NAS incorporates software development kits (SDKs)and Application Programming Interfaces (APIs).When using products and services supported by these SDKs/APIs, third-party SDKs/APIs may collect and process your personal information. We perform security monitoring and assessments of third-party SDKs/APIs and adhere strictly to legal and regulatory requirements to safeguard data security. To maximize the protection of your personal information, we urge you to thoroughly understand the privacy policies of these third-party SDKs/APIs before use, as these entities are solely liable for your data under their respective privacy and data protection policies. This policy does not cover third-party products or services that you may access or initiate. We are not liable for the collection, use, and processing of your personal information by these third parties when you utilize their products or services. If you are concerned about the risks associated with these SDKs or APIs, we advise discontinuing their use and contacting us promptly. For circumstances involving UGREEN NAS's use of third-party SDKs/APIs for personal information processing, please refer to the UGREEN NAS Third-Party Personal Information Sharing List.

  1. Sharing

Your personal information will not be shared with any entities other than UGREEN or its affiliates, except under the following circumstances:

  1.       We receive your or your guardian's explicit authorization or consent.
  2.       Judicial or administrative agencies demand disclosure as part of legal proceedings;
  3.       We engage in legal action or arbitration against a user to protect our legal rights;
  4.       Such sharing is necessitated by the service agreement or usage rules between you and UGREEN;
  5.       To prevent infringement of the legal rights of UGREEN, its affiliates, users of our service, and the public to the extent permitted by law;
  6.       The sharing complies with agreements made between you and third parties.
  7.       The information is utilized for academic research purposes.
    1. Assignment

We will not transfer your personal information to any company, organization, or individual outside of UGREEN's affiliates, except under the following circumstances:

  1.       With your express prior authorization and consent;
  2.       To comply with legal obligations, legal proceedings, mandatory government directives, and court orders;
  3.       In cases of mergers, separations, bankruptcy liquidation, or acquisition/sale of our or our affiliates' business, your personal information may be transferred as part of the transaction. We will ensure confidentiality during the transfer and require the successor entity to adhere to this privacy policy, or otherwise, seek your reauthorization.
    1. Disclosure

We will only publicly disclose your personal information under the following circumstances:

  1.       1. With your express prior consent;
  2.       2. In compliance with laws, legal proceedings, lawsuits, or government orders.
    1. Exceptions to Obtaining Your Consent when Sharing, Assigning, or Disclosing Your Personal Data

Please be aware that in certain instances, we may share, assign, or disclose your personal data without prior authorization or consent:

  1.       The request is directly related to national defense and security;
  2.       The request is related to public security, public health, and other material public interests;
  3.       In circumstances directly involving criminal investigations, prosecutions, trials, or court order execution;
  4.       To protect vital legal rights, such as the life and property of the data subject or other individuals, when obtaining consent is not possible;
  5.       If the personal data has been publicly disclosed by the data subject;
  6.       Personal data obtained from legally disclosed information sources, including without limitation news reports, government information disclosure, and other legal channels.

 

  1.       How to Exercise Your Right to Manage Personal Information
    1. When you register or log in using a local account, all data is stored on your UGREEN NAS device and your mobile phone (or computer). We do not collect any of your personal data. At this time, to facilitate the management of your information, you can perform the related operations by following these paths:
  1.       Accessing Path: Profile picture - Homepage (access to Profile picture and email) or Control Panel - User Management (access to Profile picture, username, role, email, etc.)
  2.       Correction Path: Profile picture - Homepage (for editing Profile picture and email) or Control Panel - User Management (for editing Profile picture, username, role, email, etc.)
  3.       Change or Withdraw Your Consent Authorization:

① Path to change the scope of related permission applications and usage: Personal Profile picture - Privacy Management - System Permission Management.

② Path to withdraw privacy policy authorization on mobile devices: Personal Profile picture - Privacy Management - Privacy Statement - Withdraw Consent.

  1.       Deletion Path: Log in with an administrator account, go to Control Panel - User Management to delete a user, or go to Control Panel - Update and Restore to reset the device to factory settings (local accounts are stored on the device, so the device administrator can manage and delete local accounts, or even reset to factory settings to delete all user accounts).
    1. When you bind and use a UGREEN Cloud account for registration and login, we ensure that you can exercise the following rights regarding your personal information:
  1.       Accessing Your Personal Information

Official Website Online Account Path: Home page - account and security (access to profile picture, username, password, phone number, email)

For information not accessible through these methods, you can contact us anytime using the details in Section 12 of this Policy. We will respond to access requests within 15 business days after verifying your identity.

  1.       Correcting Your Personal Account Information

Official Website Online Account Path: Home page - account and security (modify profile picture, username, password, phone number, email)

For information not amendable via these methods, contact us anytime using the details in Section 12 of this Policy. We will respond to correction requests within 15 business days after verifying your identity.

  1.       Modifying Authorization Scope or Withdrawing Consent

To change authorization scope for permissions: Profile picture - privacy management - system permission management.

To withdraw consent for the privacy policy on mobile: Profile picture - privacy management - privacy statement - withdraw consent.

Rejecting marketing or withdrawing the consent for marketing (not applicable to users in the Chinese Mainland): We shall only send marketing information under applicable laws and with your consent, and you have the right to require us not to use your personal information for marketing. You may unsubscribe from our emails according to the unsubscribe guidelines shown in such emails for rejection and withdrawal.

Following the withdrawal of consent, we will cease processing the related personal information. However, your withdraw of consent will not affect the processing of personal information previously conducted based on your authorization. If you encounter issues during this process, contact us anytime using the details provided in Section12of this Policy.

  1.       Deleting Your Personal Information

You can delete your information as follows:

To delete device information:

Official Website Online Account Path: UGREEN NAS devices - unbind device.

If we process your personal information unlawfully, collect or use it without your consent, or if you seek deletion due to account closure and cessation of our product or service use, you may request the deletion of your personal information. Contact us using the information in Section12 of this Policy at any time. We will address your deletion request within 15 business days. Upon deletion, your personal data will no longer be used. However, immediate deletion may not occur to comply with legal or policy requirements or to maintain necessary data for normal operations. We will store or back up your data for the required period, after which it will be permanently deleted.

  1.       Account Closure

You have the right to close your UGREEN Cloud account using the following methods:

https://web.ugnas.com/account/login/#/login

Home page - account and security - close this account;

For additional assistance, contact us using the information in Section12 We will process your account closure by deleting your personal information associated with the registered cellphone within 15 business days after verifying your identity.

  1.       Obtaining a Copy of Your Personal Information

You are entitled to obtain a copy of your personal information. To request this, please use the following method:

Application Email: ugreennascss@gmail.com

(7) Constraint-based Information System Automated Decision-Making

Certain functions involve decisions made by automated systems, including information systems and algorithms. If you believe these automated decisions significantly impact your legal rights, you can request explanations or corrections, and we will provide appropriate solutions. For inquiries, contact us at ugreennascss@gmail.com.

(8) Response to Your Requests

For security, you may need to submit a written request or provide additional identification. We may ask you to verify your identity before processing your request.

We aim to respond within 15 business days.

Reasonable requests are typically processed free of charge. We reserve the right to refuse requests that are unjustifiably repetitive, technically burdensome (such as by necessitating the development of new systems or fundamentally amending current practices), infringe on others' legal rights, or are impractical (such as requests involving data on backup tapes).

Pursuant to applicable law, we are unable to accept requests under the following circumstances:

The request involves the personal information controller's legal obligations;

The request is directly related to national defense and security;

The request is related to public security, public health, and other material public interests;

The request is directly related to a criminal investigation, prosecution, trial, or enforcement of a judgment;

If the personal information controller has evidence of the request being made in bad faith or as an abuse of rights;

To protect vital legal rights, such as the life and property of the data subject or other individuals, when obtaining consent is not possible;

When responding to a request made by a subject of the personal information will materially infringe upon the legal rights of the subject of the personal information or other individuals or organizations;

A commercial trade secret is concerned.

This Policy does not create, extend, or modify rights for data subjects and consumers in mainland China, Hong Kong, China, the European Union, any U.S. state (including California), or UGREEN's obligations unless otherwise required by the GDPR, CCPA, or other privacy laws.

 

  1.       Specific Clauses of EU General Data Protection Regulations

For users in the European Economic Area (EEA) or the UK, this Section applies in addition to the terms specified in this Policy.America Ugreen Limited is the Controller of your data under GDPR.

  1. Data Subject Rights

As a user in the European Economic Area (EEA) or the UK, you are entitled to the following rights regarding the personal data we process as a personal data controller:

  1.       Right to Data Access/Portability: You have the right to access personal information held by us and can request that we provide this data for you to transfer to other service providers;
  2.       Right to Erasure: You can request the erasure of your personal data held by us under certain circumstances (such as where the data is no longer necessary for the purposes for which it was initially collected);
  3.       Right to Object to Processing: You have the right to object to our processing of your personal data and require us to stop such and/or stop sending you instant messaging marketing;
  4.       Right to Correction: You have the right to require us to correct any inaccurate or incomplete personal data;
  5.       Right to Restrict Processing: You have the right to require that we limit the processing of your personal data under certain circumstances (for example, if you dispute the accuracy of the data we hold or if you believe the processing is unlawful).

To exercise these rights, please reach out to us using the contact information provided in Section12 of this Policy. We will review and respond to each request in accordance with applicable data protection laws.

If you have additional questions regarding our use of your personal data, please direct your inquiries to the contact information specified in Section12 of this Policy. Note that we may request further information from you to verify your identity and ensure your entitlement to access your personal data.

You also have the right to file a complaint with a data protection agency. For more details, please contact your local data protection agency.

  1. Legal Basis for Processing Personal Data

We process your information in a lawful, transparent, and fair manner. Depending on the particular personal data and context, UGREEN may rely on various legal grounds for processing personal data as a controller in areas like the EEA and UK:

  1.       Contractual Necessity: When we enter into a contract directly with you, we process your personal data as necessary to prepare, sign, perform, and manage the contract;
  2.       Specific withdrawal of consent: We require your prior consent before using Cookies to show advertisements and analyze customized advertisements sent by our partners, or analyze your use of our website. You are entitled to withdraw your consent at any time via the Cookie management tool in Cookie Settings.
  3.       Required for compliance with our legal obligations: We process your personal data based on legal obligations to comply with EEA laws, codes of practice, guidelines, and rules that are applicable to us, and to respond to requests or other communications from jurisdictional EEA Agencies, governments, judicial, or other regulatory agencies. This includes detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activities (Fraud and Abuse Detection) and complying with privacy laws;
  4.       Protecting your material interests or those of others: We process some personal data to protect material interests and to identify and prevent any illegal activities that impact material interests and public security, including child sexual abuse data; and
  5.       we may process your personal data in accordance with the following legal rights to safeguard our (or others') legal rights unless such interests are secondary to your personal information protection or fundamental rights and freedoms:

Fulfilling and performing contracts between you and the account owner/distributor for our products or services (including issuing bills, complying with contractual obligations and management, and support);

Developing, testing, improving, and troubleshooting our products and services;

Ensuring the security and integrity of accounts, activities, products, and services, which involves detecting and preventing malicious activity and violations of our terms and policies, and preventing and addressing security threats;

Distributing marketing communications, advertisements, or promotions about our products and services;

Complying with laws, codes of practice, guidelines, and regulations applicable outside the EEA, and responding to requests from non-EEA public agencies, government, judicial, or regulatory agencies, and other communications to fulfill our corporate social responsibilities, protect our rights and assets and those of our clients, resolve disputes, and perform agreements.

  1. International Data Transfer

UGREEN operates globally, which may necessitate transferring, storing, or processing your personal data in locations outside the country or region of its initial collection.

For data transfers from the European Economic Area (EEA) and the UK to other countries or territories, it's important to note that the level of data protection in some destinations may not be considered adequate by the European Commission. The laws in these countries or regions may not offer the same rights as those in your location, or they may lack dedicated privacy regulators to address potential complaints. Nevertheless, we will utilize various legal processes, including, without limitation, having signed the standard contract clauses issued by the European Commission between America Ugreen Limited and the affiliates in your location (such as the Standard Contract Clauses issued by the European Commission under the Commission Implementing Decision 2021/914) to ensure the same protection of your data in the overseas receiving countries as that in the EU.

Regardless of the data storage location, UGREEN commits to processing it in accordance with this policy, adhering to applicable legal requirements, and implementing contractual or other measures to secure your personal data. Specifically, for data transfers involving EEA or UK users to countries outside these regions not recognized by the European Commission as having adequate data protection, we will adhere to the European Commission's standard contractual clauses for the transfer. For further information on this matter, please feel free to contact us.

 

  1.       The Right to Privacy in California and Other US states

If you are located in California or another U.S. state, the provisions in this section supplement those in this Policy.

The California Consumer Privacy Act of 2018 and the California Privacy Rights Act (CPRA), as amended, along with their implementing regulations (collectively referred to as the "CCPA"), grant California residents specific rights regarding their personal information. This section details your rights under the CCPA and how to exercise them.

  1. Your Personal Information Rights
  1.       Right to Know of the Collection, Disclosure, and Sale of Your Personal Information

California residents are entitled to request that a business collecting their personal information disclose the following:

Categories, purposes, and sources of personal information collected in the past 12 months;

Specific personal information collected in the past 12 months;

Types of personal information disclosed for commercial purposes in the past 12 months.

You are entitled to submit up to two free, verifiable consumer access or data portability requests to us within a 12-month period.

  1.       Right to Request the Deletion of Personal Information

California residents are entitled to request businesses delete any personal information they have collected, subject to exceptions as outlined in the CCPA. UGREEN will provide a clear base for any denied requests for deletion.

  1.       Right to Limit Use of Sensitive Personal Information

You have the right to limit the use of your sensitive personal information for any purpose, except as provided under Section 7027 (m) of the CCPA.

  1.       Right to Opt-Out of the Sale of Personal Information

We do not, nor have we in the past 12 months, sold any personal information we have collected.

  1.       Right to Non-Discrimination

 UGREEN will not discriminate against individuals exercising their rights under the CCPA.

These rights are not absolute, and in some cases, we may be legally required or permitted not to fulfill your request.

  1. How to Exercise Your Rights

To exercise any of the above rights you may submit a verifiable consumer request to us using the contact information provided in Section12 of this Policy. Only you or an authorized agent can make a verifiable consumer request related to your personal information. An authorized agent must submit your written permission and their registration filed with the California Secretary of State to make a request on your behalf.

  1. Validating Your Request

To respond to your CCPA request, we need to verify your identity or your authorized agent's authority. If initial verification is unsuccessful, we may request additional information for verification purposes. Any personal information provided for verification will solely be used for that purpose. For verification, please provide your name, address, phone number, and email address. We will compare this information with what we already hold and may request additional documentation, including identification documents, to minimize fraud risks. We may deny or partially fulfill certain requests as permitted or required by law. For example, in requests for deletion of CCPA Personal Information, we may retain necessary information for legal purposes, like tax accounting.

California consumers have the right to file a complaint with the California Attorney General's Office under the CCPS. The Attorney General's Office can be contacted via https://oag.ca.gov/contact/consumer-complaint-against-business-or-company or by calling (916) 210-6276.

Contact us using the methods below, and we will respond within 30 days: Should more time be needed to process your request, we will inform you within the initial 30 days.

 

  1.       How We Process Minors' Personal Data

Our products and services are primarily intended for adult users. If you are a minor under the laws of your country or region, please ensure that your parent or guardian reviews this Policy thoroughly. We require that you use our services or share information with us only with the explicit consent of your parent or guardian.

We are committed to the protection of minors' personal information. If you are a parent or guardian, please ensure that any child under your care uses our services with your authorized consent. For inquiries regarding a child's personal information, please contact our dedicated personal information protection department. If you are considered a minor under the laws of your area, it's important to review this policy with your guardian before using our product/service. Please make certain that you have your guardian's explicit consent both for using this product and for sharing your personal information with us. Once a child's personal data is collected with parental consent, we will use or disclose it only as explicitly agreed by the parent or guardian, in compliance with applicable laws, or when necessary for the child's protection. If a guardian believes we have collected a minor's personal information without consent, please contact us at ugreennascss@gmail.com, and we will delete the relevant data promptly upon request.

 

  1.   How Your Personal Information is Transferred Globally

UGREEN offers products and services utilizing resources and servers located worldwide. Consequently, your personal information may be transferred to or accessed from jurisdictions outside the country where you use our products or services. These transfers and accesses are conducted in compliance with applicable laws.

To provide the user with global UGREEN NAS services, UGREEN transfers the user’s personal information from the account registration country/region (home country/region) to HONG KONG UGREEN LIMITED (UGREEN’s affiliate in Hong Kong, “HONG KONG UGREEN” ) on a need-to-know-basis.

Specifically, after registration by the user, UGREEN will transmit the home country/region to HONG KONG UGREEN. When you enable UGLINK function, we will transfer UGLINK information of your NAS device to HONG KONG UGREEN.With that, UGREEN can, through HONG KONG UGREEN, identify the home country/region  of the user’s account and then assign the user to the server in the his/her home country/region whenever a request is made by the user from any location worldwide. Suppose the user is traveling for business or pleasure to places such as Europe or North America, and accessing his/her device in mainland China there, then the home country/region and UGLINK information of the user’s NAS device will be transmitted from the Hong Kong server to UGREEN’s affiliates Ugreen Group GmbH (located in Germany) or AMERICA UGREEN LIMITED (located in the United States). This is required for us to provide the user with global UGREEN cloud services, which will allow the user to conveniently and efficiently access his/her UGREEN NAS device from any country/region worldwide.

To safeguard cross-border personal information security, we employ technical and managerial measures like encryption, anonymization, access restriction, and monitoring of offshore UGREEN affiliates and cloud service providers to comply with China's personal information protection standards.

If you wish to exercise your rights under6.How you can exercise your rights to manage your personal information, you can refer to this clause and contact the parties involved at ugreennascss@gmail.com.

Policy Updates

We may periodically update this policy. Without your explicit consent, we will not reduce your rights under the current Privacy Policy. Any changes to this policy will be posted on this page. For significant updates, we will inform you through push notifications, pop-ups, emails, etc., and seek your consent again.

Significant changes as referred to in this Policy include, but are not limited to:

Substantial changes in our service model. Such as changes in personal information processing purposes, processed information types, and usage methods;

  1. Significant changes in ownership or organizational structure. Such as those resulting from business adjustments, bankruptcy, mergers, or acquisitions;
  2. Modifications in the main entities of personal information sharing, transfer, or public disclosure;
  3. Major alterations in your participation in personal information processing and the exercise of your rights;
  4. Changes in our personal information processing departments, contact details, and complaint channels;
  5. When a security assessment indicates high risks to users’ personal information.

By utilizing our services, you acknowledge and consent to the collection, use, storage, sharing, management, and protection of your information as outlined in this policy.

 

  1.   Contact us
    1. For any inquiries, comments, or suggestions regarding this agreement or our services, please reach out to us using the contact details provided below.
  1.       Contact us through the "Help Center - Contact Us" feature within UGREEN NAS;
  2.       Our dedicated Personal Information Protection Officer can be contacted at: ugreennascss@gmail.com
  3.       You can also contact us by phone.
    Contact Numbers and Business Hours:

(US)+1 888 678 8925        Mon-Fri 9:00-17:00 PST 

  1.       Contact us by mail at the following address:

Registered Addresses: 108 WEST 13TH ST WILMINGTON, DE 19801, USA County of Delaware

  1. To ensure efficient handling of your inquiries and timely feedback, please provide proof of identity, valid contact information, written requests, and relevant evidence. We aim to process your request within 15 working days after verifying your identity.
  2. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.