CCPA Disclosures

Reolink Privacy Policy for California Residents

Last updated on Sept. 15th, 2022.

Reolink Innovation Limited (“we” or “Reolink”) values and protects user privacy. We are highly aware of the importance of your personal information and are committed to protecting such information in a secure and controlled manner by strictly complying with legal and regulatory requirements and referring to proven industry security standards. For this purpose, we have developed the Reolink Privacy Policy (“Policy”) to help you understand in detail how we collect, use, process, share, store, and protect your personal information during your use of our products and/or services and the rights you have in such process.

This particular Policy sets forth how we process California Consumer's Personal Information in our role as business.

Before you start using our products and/or services, it is important that you read this Policy carefully (especially the highlighted terms), and fully understand and agree to the content herein. You have the right to refuse this Policy, but if you do so, we will not be able to provide you with our products and/or services as it serves as an important part of the Reolink User Service Agreement. When you choose to (re)use our products and/or services, you will be deemed to have accepted and acknowledged this Policy as it is an essential prerequisite for rendering our products and/or services.

Your agreement to the Policy indicates that you understand that we will collect certain personal information from you in specific service scenarios, but it does not mean that we will collect and process all of the personal information covered herein once you agree to this Policy and use our products and/or services. When it comes to additional business functions that require the processing of your non-essential personal information, we will ask for your consent separately. Some of the concepts might seem a little technical, and we've tried our best to explain them in a simple and clear way. Please read and understand this Policy before use. If you have any questions, please contact us.

I. Scope of Application

(1) This Policy applies to the official website (https://reolink.com/ma/) and all its subsites (collectively, “Website”), products, mobile applications (Reolink App), computer applications, cloud storage services, technical support, and other services provided by Reolink (collectively, “products and/or services”).

(2) This Policy does not apply to any third-party websites and their services linked to or from the Website. Please read the relevant privacy policy carefully when using the aforementioned services.

(3) “Personal information” herein refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The type and scope of personal information we collect vary with the products and/or services you use and how you interact with us. Please refer to the specific product or service functions. You have the right not to provide us with this information, but in some scenarios, if you choose not to, we will not be able to provide you with the corresponding products or services or respond to and resolve your problems.

(4) Some services may require you to enable the corresponding permissions on your device. You may refer to “(IV) Reolink App and Client Services” under “II. How We Collect and Use Your Personal Information” in this Policy to learn about the specific permissions involved with Reolink App. You can also go to “Settings > Application Permissions” on your device to enable or disable the permissions at any time through as needed. In particular, even if we have obtained your access permissions, we will only collect your information when it is necessary for the rendering of relevant functions or services.

(5) For better user experience, we are constantly improving our technology. As a result, we may introduce new or optimized functions from time to time and hence may need to collect and use other personal information or change the purposes or methods of data use. In this regard, we will separately explain to you the scope, purposes, and methods of collection and use of the corresponding information by Policy updates, pop-up windows, page prompts, etc. You will have the right to agree or disagree with such changes, and we will only collect or use your information after obtaining your express consent. During this process, if you have any questions, comments, or suggestions, you can contact us through the contact information provided herein. We will reply to you as soon as possible.

II. How We Collect and Use Your Personal Information

According to Reolink User Service Agreement signed between you and us, in order to provide you with the corresponding functions of our products and/or services, you will be required to voluntarily submit to us or authorize us to collect and use certain Personal Information of yours. We promise to follow the data minimization principle when collecting and using your personal information and not to use your personal information beyond the purposes elaborated under the Reolink User Services Agreement, Cookies Policy, this Policy or other Terms and Conditions unless for the purpose of rendering the abovementioned functions. We will collect and use your personal data lawfully and fairly in a transparent manner as follows.

(I) Registration, Account Log-In and Verification

When you register and log in to your Reolink account, you need to provide your email address, password, and in some scenarios, a verification code. If you refuse to provide them, you will not be able to register successfully. Additionally:

(1) When submitting community posts, making product reviews, and sharing videos, you may choose to fill in your nickname, profile picture, and name as needed. Refusal to provide such information will not affect your access to these functions or services.

(2) You may choose to fill in the country according to your own needs in order to use our personalized services (such as displaying local prices for products). Refusal to provide such information will not affect your use of the basic functions of your account, unless otherwise stated.

(3) If you decide to use other login methods, such as login with your google account, you will permit us to access your email address and country registered for your third-party account, for the purpose of binding it to your Reolink account. For personal information that we need but the third-party cannot provide, we will inform you and ask you to provide it through system prompts, etc.

(4) For products and/or services that require a Reolink account to use (e.g., cloud service and smart home function), we may verify your user identity based on the above information provided by you to ensure that we are providing services right for you.

(II) Online Transaction Service

Online transaction-related services are available on our websites and software. Some of them can be used without account registration but will still rely on certain personal information.

(1) You can make pre-transaction preparations such as information browsing, searching, and adding to cart (adding goods to your shopping cart) without logging in. We will collect your search keywords, query or browsing history, and add-to-cart history (such information is desensitized and will not be associated with you) in order to provide better website services.

(2) You may purchase products and/or services from our websites by logging into your Reolink account or through “visitor shopping” mode. In order to deliver the goods to you and provide after-sales service as required by the contract, you should provide your email address, shipping address (including postal code), recipient name, phone number and other information when you place an order. If you do not provide such information, we will not be able to ship and deliver the goods and provide after-sales services. You can also provide your company information and its tax ID to enable tax-free purchases.

(3) When making a payment, you can choose the payment service provided by our partner third-party payment institutions (including PayPal and other payment channels). To keep us informed of the status of your payment so that we can prepare for shipment accordingly, you agree that we may collect information related to your payment progress from the payment institution you have selected.

(III) Reolink Cloud Storage Service

After you have subscribed to a valid Reolink Cloud plan, you may log in to your Reolink account in your Reolink App and associate your Reolink device to the cloud plan. We may collect and use corresponding personal information as follows:

(1) When you bind your Reolink device to Reolink Cloud to use cloud storage service, we will collect the serial number of the product. The product serial number is the unique basic product information and is the basic information that must be collected to bind the product and further provide you with Reolink Cloud storage service.

(2) When video recordings are uploaded from your device to your Reolink Cloud, based on your authorization, Reolink entrusts a service provider to store your cloud videos. Only those who have access to your Reolink account (you and those authorized by you) may log in to your Reolink Cloud account anytime to view, download, and/or delete such videos. Based on the contract, the system will automatically delete the expired cloud videos.

(IV) Reolink App and Client Services

You can access your Reolink device in Reolink App, Reolink Client and other Reolink software, and browser and perform remote control or management (i.e., Reolink App and Client services). We may collect and use corresponding personal information according to the specific functions you choose to use.

(1) When you bind your device to Reolink App, we will collect the serial number of the product you bind. Such information is unique product information that shall be collected in order to bind products and provide you with further Reolink client services.

Upon your informed consent, we will request access to the location (WiFi SSID) of your device. We only use such permissions to help you make input and connect your device to the Internet and will not upload or keep any of such data. We will also need your camera permissions to scan the device QR code for UID input, storage permissions to save pictures and videos to your phone album, and notification permissions for pushing alerts. You can disable these permissions at any time via “Settings > Application Permissions” on your phone.

(2) When you use the phone push notification function, we will collect your device alerts and device information. Such information is only used for Reolink App to push Reolink device alerts to you.

(3) When you enable the email alerts, with your informed consent, we will collect your email address and password. Such information is stored in the Reolink device. It will not be uploaded to Reolink server and is used to send you email alerts only. You can disable this function at any time via “Settings > Email Alerts > Disable Email Alerts”. After disabling it, you can delete relevant data from your Reolink device.

(4) If you agree to join Reolink App User Experience Program, with your informed consent, we will collect information about your app & OS version, country/region, cell phone brand, device type and model, language setting, function clicks, page & button clicks, page dwell time, and the lag time between clicking the app icon and seeing the content during first use. You can disable the option via “App Settings > User Experience Program” to exit the program at any time.

(V) Customer Service

We provide customer services such as product and service consultation, technical support and after-sales service through telephone, online system, etc. In order to contact you and help you solve your problems as soon as possible or to record the solution and result of the relevant problem, we may collect and, in accordance with this Policy, store your correspondence/call records and related contents with us (including account information, country, email address, order information, payment information, purchase channels, bound product information, phone numbers, call recordings, and the evidence you provide to us. If you contact us via Facebook message, we will collect your Facebook profile picture and nickname); if you make inquiries or complaints or provide suggestions for specific orders, we will use your account information and order information.

(VI) Other Website Functions or Services

You may publicly post information through the comment, forum, and other information posting functions we provide. In addition, we may, from time to time, push surveys to you or ask for your review after you have used a product or service. At your own will, if you decide to fill out the surveys or write reviews, we will record the contact information, problems or suggestions you submit while using these functions to improve our products and/or services and enhance your experience.

Please note that the comments, reviews or other contents you post on Reolink are publicly visible. This means any information you posted may be accessed, collected, used or stored by a random third party. To avoid or minimize potential risks, we therefore recommend that you be careful when disclosing your personal information in your posts.

(1) When you use the website review function (including product reviews, article reviews, event reviews, etc.), we use your Reolink account ID (including forum ID), profile picture, nickname, IP address, email address, and the content of the reviews you share, based on the contract of user participation. You may change/delete contents you have submitted at any time by logging in to your account, or by contacting us directly through the email address at the end of this policy.

(2) When you decide to submit your email address and activate the website subscription function, you authorized us to collect your email address and country information and send marketing emails. You can revoke your consent to receive such emails at any time by using the unsubscribe link at the bottom of every email.

(3) When you submit a warranty registration, with your informed consent, we will collect information such as order number, product model, product UID (optional), country, email address, name (optional) and so on; however, failing to provide such information will not affect the basic warranty policy you are entitled to, but will disqualify you for the additional 6-month extended warranty service.

(4) When you participate in #ReolinkTrial Program, based on the user contract, we will collect your name, country, email address, and postal code and use them only for the purpose of delivering prizes. If you refuse to provide us with such information, you will be deemed to have waived the award.

(5) When you participate in #ReolinkCaptures Program, based on your informed consent, we will use your Reolink account ID, profile picture, nickname, the videos you share and your filming equipment. Please be advised that if you decide to participate the #ReolinkCaptures Program, you manifestly agree to publicize your videos, which may contain personal information. We will take measures to de-identify the Personal Information contained in the videos such as pixelating the human faces, but random third parties may still collect, use or have access to your personal data contained in the videos. Videos that are not approved by the system will be automatically deleted 15 days after the review. If you do not want to publicize your videos anymore, you may change/delete contents you have submitted at any time by logging in to your account, or by contacting us directly.

(6) From time to time, we may hold marketing campaigns. In order to prevent malicious use of means to increase the prize-winning rate and other behaviors, we may require you to log in to your account. We may also need to record the number of times you have participated in the event and your IP address in the relevant event technical log (such data will be encrypted for storage and will be deleted by the system automatically 30 days after the end of the event) as appropriate. If you win the prize, you should also provide the recipient name, recipient address (including postal code) and telephone number so that we can deliver the prize to you. Such information is necessary for you to enjoy the rights and benefits of events. If you refuse to provide it, we may not be able to deliver the prize to you. In addition, we may announce the prize winners to the public, and if your personal information is involved, it will be displayed in a de-identified manner.

(VII) Security Guarantee and Maintenance

In order to provide and improve our online services, conduct analytics, maintaining the security and integrity of the services, and to ensure legal or regulatory compliance, during your use of our products and/or services, we may collect your IP address and record system log information such as network logs or device log information, as well as information such as the frequency of using software, devices and related services, crash data, error reporting or abnormal service data, system operation status of abnormal devices, overall installation and usage, performance data, etc.

(VIII) Categories of Personal Information we collected

The Personal information we have collected about California residents in the last 12 months is described in How We Collect and Use Your Personal Information section above. That information corresponds with the following categories of personal information under the CCPA:

In the last 12 months, we have collected personal information from the consumer directly.

III. How We Disclose Your Personal Information with Third Parties

We disclose Personal Information to third parties for our operational business purposes We will make a written contract with them that require the service providers to comply with statutory restrictions on the retention, use and disclosure of personal information.

We have disclosed the following categories of personal information with service providers, which include providers of logistics, payment tools, support systems, tax calculation services, Email delivery systems, Email checkers, VAT checkers, analytic tools, social media platforms, cloud computing platforms, and advertising networks, for our business purposes in the last 12 months:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Commercial information.

Category D: Internet or other similar network activity.

Category E: Geolocation data.

As described above, our business purposes include processing or fulfilling orders and transactions, verifying customer information registering accounts, providing customer service, managing our relationship with you, and providing advertising/marketing services on behalf of us.

IV. No Sale of Personal Information

The CCPA sets forth certain obligations for businesses that “sell” personal information to third parties. Based on the definition of sell under the CCPA and under current regulatory guidance, we do not believe that we engage in such activity and have not engaged in such activity.

While California residents have the right to opt-out of the sale of their personal information under CCPA, we do not sell personal information to third parties. If our practices change, we will update this Privacy Policy and take any necessary action to comply with applicable law.

V. How We Store and Protect Your Personal Information

We have used security measures that meet industry standards to protect your personal information against unauthorized or accidental access, public disclosure, use, modification, damage, or loss. We will take all reasonably practicable measures, including administrative management, technical support and physical defense measures, to protect your personal information, and will retain your personal information only within the period stipulated by laws and regulations. You may contact us for the specific retention periods of information.

We provide online services that use web encryption technology. When using the online services, we recommend that you use a browser that supports SSL (an encrypted communication protocol), such as Firefox, Google Chrome or Apple Safari, to safeguard the confidentiality of your personal information.

Data storage is supported by AWS. Videos uploaded to Reolink Cloud are stored in highly secure AWS data centers along with disaster recovery data backups. These videos are protected by access keys and cannot be accessed by anyone without your permission.

To protect data transmitted between Reolink Cloud or Reolink applications and servers, we use the world’s most secure data communication protocol and algorithmic encryption currently available to ensure the confidentiality, integrity and authenticity of the information during transmission.

Please note that there is no 100% security protection in the Internet environment, and we will do our best to ensure the security of your information. In the event of any damage to our physical, technical, or managerial protection facilities, and consequently results in unauthorized access, public disclosure, alteration, or destruction of information, we will, as required by law and after the occurrence of a security incident, promptly inform you of the basic situation of the security incident and its possible impact, reactions we have taken or will take, suggestions for you to independently prevent and reduce risks, remedial measures for you, etc. We will promptly inform you of the situation by email, letter, telephone, push notification, etc. When it is difficult to inform the subjects of personal information one by one, we will take a reasonable and effective way to release the announcement. At the same time, we will also take the initiative to report our response to personal information security incidents as required by regulatory authorities.

Your understanding and cooperation are important to us in protecting the personal information and privacy security of you and your associates. Your passwords, verification codes and other information are to be kept by yourself. Please carefully evaluate the physical and electronic environment when you keep, enter and use such information to prevent leakage.

VI. How We Transmit and Transfer Your Personal Information

We provide our products and/or services through resources and servers around the world (Check Where We Ship.). This means that with your authorization and consent, your personal information may be transferred to or accessed from jurisdictions outside your country/region.

Such jurisdictions may have different data protection laws. In such cases, we will ensure that your personal information is adequately and equally protected as required by local laws and regulations and this Policy.

The privacy protections and the rights of authorities to access your information in these countries may not be the same as in your home country. And we may not provide the same level of protection as those in your country.

Data Retention

Reolink makes it easy for you to keep your personal information accurate, complete, and up to date. We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

VII. How We Use Cookies and Other Technologies

We analyze data collected through cookies, web beacons, and other tracking technologies, to collect visitor traffic and related data, such as the browser you use and what sites you visit. These technologies allow us to study how and how often you use our applications and services so that we can better meet your needs and measure the effectiveness of advertisement.

In some of our email messages, we use a “click-through URL” linked to content on our Website. We track this click-through data to help us measure the effectiveness of our customer communications. For more information about the use of cookies, please see our Cookie Policy.

California Do Not Track Notice

Reolink does not currently respond or take any action with respect to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about a user's online activities over time and across third-party web sites or online services.

VIII. Your Rights About Your Personal Information

(I) Your right to know

You have the right to request that we disclose certain information to you about our collection, use and disclosure of your personal information over the past 12 months. Once we verify your request, we will disclose to you:

• The categories of personal information we collected about you.

• The categories of sources for the personal information we collected about you.

• Our business or commercial purpose for collecting that personal information.

• The categories of third parties with whom we share that personal information.

• If we disclosed your personal information for a business purpose, one list disclosing: disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

We do not provide access rights to B2B information. The aforementioned B2B information refers to the personal information involved in business-to-business communications or transactions.

(II) Your right to delete your personal information

You have the right to request that we delete any of your personal information that we collected from you and retained. In some instances, we may decline to honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another California resident.

Once we verify your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We do not provide deletion rights to B2B information.

(III) Your right to opt-out of sale of your information

We do not sell your personal information, so we do not offer an opt-out of sale option.

(IV) Non-discrimination

We will not discriminate against you for exercising any of your CCPA rights. You have a right not to receive discriminatory treatment by us for exercising your privacy rights.

(V) How to exercise your CCPA rights

To exercise your right as described above, please submit your request to us by either:

• using the information on our “Contact Us” page

• sending an e-mail to dpo@reolink.com

• submitting a support case via support.reolink.com

• calling us at +1 833-424-0499 (Pacific Standard Time 5:00 pm to 2:30 am, Monday to Friday)

(VI) How we verify requests and respond to requests?

Before fulfilling your request, we take steps to verify you are who you say you are or that you have authority to act upon someone else’s behalf. Therefore, upon receipt of your request, we will request additional information that we need to verify you and, if you are submitting a request on behalf of someone else, to verify that you are permitted to act on that person’s behalf.

When we contact you to request verification information, please respond and provide the information that we have requested. Depending on the nature of the request you make, we may require you to verify your identity to either a reasonable degree of certainty or high degree of certainty. This may mean that we need to match two or three pieces of information that we hold about you with information that you provide to us. In some cases, we may require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request

In addition to providing the information we need to verify you, you must provide us with enough information so that we can understand, evaluate, and respond to your request. We cannot respond to your request or provide you with personal information if we cannot confirm the personal information relates to you.

We will only use personal information provided in a verifiable consumer request to verify your identity to make the request and to locate relevant information. We cannot respond to your request or provide you with personal information if we cannot verify your identity to make the request and to understand, evaluate, and respond to your request.

We cannot delete personal information in those situations where our retention is required for our own internal business purposes or otherwise permitted by the CCPA (such as fraud prevention or legal compliance). In these situations, we will retain your information in accordance with our records retention program and securely delete it at the end of the retention period.

(VII) Response timing and format

We make every attempt to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of it.

Upon receipt of your request, we will deliver our written response by replying to your email.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. When you request a copy of your personal information, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity easily.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

IX. Children’s Privacy

Reolink products and/or services are not intended for children under the age of 18. We do not permit registration and will not knowingly collect personally identifiable information from anyone under 18. If this happens, we will delete the information as soon as possible.

X. Changes and Updates on This Policy

We may change this Policy from time to time, so please revisit this page periodically. Your continued use of our products and/or services after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of this Policy. We will not, however, reduce your rights under this Policy without your explicit consent.

In the event that our specific products or services are discontinued, we will notify you in advance through system notifications, announcements, text messages, emails, etc., and process your personal information in accordance with this Policy or relevant documents. If we cease operations permanently, this Policy will become invalid and we will process all your personal information in accordance with applicable regulations.

XI. Contact Us

If you have any questions or suggestions about this Policy or your personal information, or you have any doubts about our collection, use or disclosure of your personal information, please reach us by using the information on our “Contact Us” page, by sending an e-mail to dpo@reolink.com, or by submitting a support case via support.reolink.com. We will reply to you within [7] business days. If you are not satisfied with our response, especially if our information processing has harmed your lawful rights and interests, you can file a complaint to the local competent regulator.