Last updated: 01 04 2022
Thank you for choosing OnePlus Health (hereinafter referred to as “Health”)! Health is operated by OnePlus Technology (Shenzhen) Co., Ltd. (hereinafter referred to as “we” or “us” or “our”) and is a product that provides you with sports and wellness guidance. We may collect and use your personal data when you use our account, website, Health app or other products and services. Personal data refers to various data which is recorded in electronic or any other form and used alone or in combination with other data to recognize the identity of a natural person.
In this Privacy Policy, we will explain to you about the purposes, method and scope of the collection and use of your personal data by Health, your rights to your personal data, and the security measures we take to protect it.
Before using our Health, please read this Privacy Policy carefully to learn our practices for the protection of users’ personal data. If you do not agree with the terms of this Privacy Policy, you can turn off Health by clicking “Exit” and we will not be able to provide you with the services related to Health. If you click “Agree” to turn on Health, it means that you fully and clearly understand the following terms regarding data collection and usage, your rights to your personal data, etc.
This Privacy Policy will help you understand the following:
I.
How and What Types of Personal Data We Process
II.
How We Retain Your Personal Data
III.
How We Disclose Your Personal Data
IV.
How We Protect Your Personal Data
V.
Your Rights to Your Personal Data
VI.
How We Process Children's Personal Data
VII.
Third-party Service Providers and Their Services
VIII.
How Your Personal Data Is Transferred Globally
IX.
How This Privacy Policy Is Updated
I. How and What Types of Personal Data We Process
We collect personal data for more efficient operation and to provide you with best usage experience. Our channels to collect personal data include: (1) data directly provided by you to us; (2) data provided by the smart wearable devices paired with Health; (3) we obtain relevant data during your use of Health; and/or (4) we obtain personal data about you from third parties.
The data we collect depends on the products you actually use, the environment in which you interact with us, the choices you make, including your privacy settings and the products and features you use. Our products and functions include core businesses and value-added businesses. In collecting data, you are not necessarily required to provide us with your personal data. For core businesses, if you choose not to provide it, we may be unable to provide you with relevant Health and respond to or solve any problems with which you are confronted. For value-added businesses, you may decide whether or not you permit us to collect your data. If you refuse to do so, it may cause relevant value-added businesses to be unavailable, but will not compromise your use of our core businesses.
1. What Types of Personal Data We Process
1. You need to register and login OnePlus account to use Health. We will collect your
mobile phone number or email address, password, region, and the content of the verification message sent to you, in order to register your account and assist you in logging in and using the services. When you have registered for your account, you can choose whether or not to provide us with data such as your user name, gender, avatar, etc. to further improve your account. Please review the privacy policy applicable to your OnePlus account here to obtain information on how personal data is processed when using the OnePlus account.
2. The first time that you use Health, you need to enter your age, gender, height and weight. We need to process these data to in order to ensure the accuracy and suitability of the content displayed to you.
3. When you use the function for pairing with or managing your various smart devices such as smart watches and bands so that you can control your wearable devices via Health (such as when you pair or manage your watch or bands using various functions such as the watch call, watch dialing, and watch basic capabilities), Health may need to collect your wearable device data (OS version, device name, and model), Bluetooth address, IMEI, EID, WiFi account data, ICCID, serial number, wireless address, and your smartphone device data, such as OS version, device name, model, android ID.
4. Health processes the following
health-related and exercise-related data collected by your wearable devices: exercise settings (such as exercise goals, heart rate zones, metric settings, etc.), device position (geo coordinates), exercise track, exercise type (walking, running, swimming etc.), exercise duration and frequency, number of laps during swimming, steps, step pace, pace, distance, incline, calories burnt, maximal oxygen uptake, oxygen volume, exercise heart rate and other exercise data, heart rate and sleeping condition, such as the time of sleep, duration of the sleep, awake times, sleep quality.
5. When you have activated the “Auto sync health data” function, your exercise and health related data (including but not limited to steps, heart rates, sleep quality, exercise logs, etc) shall be automatically uploaded to the cloud and the data will be restored to your smartphone when you sign in.
6. When you use the function of Track SpO2 during sleep, Health shall process also the blood oxygen collected by your wearable device.
7. When you use the Stress function, Health shall display psychological pressure data collected by your wearable device.
8. When you use the function for pairing your wearable device with Health, Health need to collect the name list of applications installed on your smartphone device, contacts, call record, message notification, information of the songs played on your music application in order to display such notifications and details on your wearable device and allow you to use their relevant functions;
9. If you would like to exercise in an outdoor environment, due to the fact that outdoor sport requires your location data as a sport path record, we will ask you if you will allow us to invoke device permissions to obtain your location data via the device GPS signal or data about nearby WiFi access points and cell towers, device location ID, and network service provider ID.
10. Health may collect information on the region/city in which you are residing, so that you can check the weather on your wearable device as well as on the Health for more convenience.
11. When you use Help and Feedback, we need to collect your/you may need to provide us with feedback, contact details, log record.
12. Health also provides cloud storage function
(Cloud Service may vary in different market area.) Based on your request, we will ensure that your
health-related and exercise-related data is securely stored in our cloud.
13. To provide you with notification and push functions, we may collect your device information including your device name, device model, IMEI number, mobile phone model, Mac address, serial number, Internet Protocol (IP) address, operating system version, etc. The Notification and Push services include App update and installation, sales and promotion data, etc. You can stop receiving data via Settings - Apps & Notifications - Special App Access - Notification Access - OnePlus Health.
14. If you would like to participate in lucky draws or competitions, promotional or marketing activities organized by us or our business partners, fill out questionnaires, or participate in a user forum or blog hosted by us or our business partners, you may be required to provide us with your name,
mobile number, email address, address,
bank account in order for us to contact you and issue you a reward.
15. When providing after-sales service and customer support for you, we may ask you to provide and collect your personal data, such as IMEI and other device data, your name,
mobile phone number, email address, address, etc., and we may
record the call between you and our customer service.
16. In order to help us understand how you use our services, user forums or blogs, or use after-sales service and customer support and to receive feedback from you, we may also contact you through the
mobile phone number data you have provided for us in the aforementioned scenarios to conduct user research and return visits.
17. In order to fulfill the cyber security protection obligations, to ensure the normal operation of Health and your account security, but also to improve and optimize your service experience, we may collect data about your device and how you and your device interact with Health, including device name, device model, IMEI number, mobile phone model, Mac address, serial number, IP address, operating system version, and other device data. We will also record the operational behaviors of your account after login (including
changing the password, modifying the bound mobile phone number/email address, complaints record, etc.), time and duration of your use of the Health, search query terms entered through the service, and software event data (such as reboots, upgrades, errors, crashes, etc.).
2. How We Process Your Personal Data
1. We will process your personal data for the following information:
● to allow you add, manage and view your wearable devices and fulfill the agreement between you and us;
● to provide you with the ability to manage notifications sent on your smartphone via your wearable device;
● to analyze the health-related and exercise data collected by your wearable devices, display them on your Health and provide you with workout logs;
● to provide workout programs suitable for you and display other fitness or health services or advertisements you might be interested in;
● to send you notifications for, allow and manage your participation in our promotional or marketing activities;
● to diagnose product issues and provide after-sales services and customer support for you;
● to conduct customer satisfaction surveys in order to improve our products and optimize your user experience;
● to communicate with you and reply to your questions or comments submitted to us through Help and Feedback function or any other platforms, including but not limited to our mailbox, social media platforms, etc.
● to ensure the functionality and safety of our services, to verify your identity, to review transactions, to conduct internal auditing and to prevent and investigate fraud, cybersecurity threats or other improper use;
● to understand how you use our services and products and further analyse and optimize the efficiency of our business operations and analyse the customer market on the basis of the country where the users of Health are located;
● to pursue or defend against legal claims; and
● to comply with our legal obligations;
2. When we want to use the personal data for other purposes not described in the Privacy Policy, we will inform you about that and ensure that the use of your personal data complies with the local legal requirements.
II. How We Retain Your Personal Data
The retention period of the personal data we collect is the minimum amount of time required to achieve the purposes of collection stated in this Privacy Policy, unless otherwise required by laws or regulations.
You can find below our specific data retention and deletion policy via the table.
Types of Data
|
Retention Period
|
Registration Data |
Your registration data will be permanently deleted within 15 days after verification of account ownership and account deletion request.
|
Device Data |
Until you cancel your account. The device data will be permanently deleted within 15 days after making of the account deletion request.
|
Local Data |
All data stored locally on the Health App device will be deleted when you uninstall the App or clear all data in the App.
|
If we stop operating some or all of our products or services for special reasons, we will promptly inform you and stop the collection and processing of personal data by the related products or services, and we will delete or anonymize the personal data we hold that is related to the said products or services, unless otherwise required by laws and regulations.
III. How We Disclose Your Personal Data
We may, from time to time, share and transfer some personal data with our associated companies and the strategic partners that work with us to provide products and services, in order to provide the products or services you request.
1.
Affiliates: In order to provide you with services based on your OnePlus account, we may share your personal data with our affiliates. We will only share personal data that is necessary. For example, when you use Health through your OnePlus account, your personal data may be shared with our affiliates to assist you in accruing OnePlus account points, as well as to assist you in completing point redemptions, memberships, and other user benefits when using other products or functions supported by OnePlus account.
If we or our affiliates change the use and processing purpose of personal data, we will ask for your authorization again.
2.
Sharing with Authorized Partners: Some of our services will be provided by our authorized partners solely for the purposes stated in this Privacy Policy. We may share some of your personal data with our partners to provide services and to improve user experience. To be specific:
a) We may need to share your personal data with our providers(including but not limited to cloud service providers, SMS or other technical service providers, etc.) in order to perform the necessary product or service functions.
b) In some cases, we will entrust a third party to process your personal data on our behalf. For example, companies that send text messages or emails and provide technical support on behalf of us. These companies can use your personal data solely to provide services to you on our behalf.
3.
Purchasers and third parties in connection with a business transaction: When we are in a process of a merger, acquisition or bankruptcy liquidation, and if such process requires a transfer of your personal data, we will require the new company or organization that hold your personal data to continue to be bound by this Privacy Policy, otherwise we will require this company or organization to ask your consent again. If it does not involve the transfer of personal data, we will fully inform you and delete or anonymize all personal data under our control.
4.
Law enforcement, regulators and other parties for legal reasons: We may also disclose your personal data with third parties as required by law or if we reasonably believe that such action is necessary (a) to comply with a subpoena or other legal proceedings, legal actions or government agencies’ requests, (b) when we believe in good faith that a disclosure is necessary to comply with the law and the reasonable requests of law enforcement, (c) to protect and exercise our legal claims, rights and property, (d) to protect your rights, property or personal safety or the one of others, (e) to investigate fraud and (f) to protect the security or integrity of our services.
5.
Otherwise with your consent: After obtaining your explicit consent we disclose the personal data you have authorized with other certain third parties.
We will only share or transfer your personal data for lawful, legitimate, necessary, specific, and express purposes, and will only share personal data that is necessary for the service. Meanwhile, we will require the above-mentioned in scenarios 1 to 3 third parties to take appropriate confidentiality and security measures to process personal data through agreements or other appropriate means.
IV. How We Protect Your Personal Data
1. We have taken reasonable and feasible technical security and organizational measures to protect the data collected in relation to the services. We have adopted security measures that are in line with industry standards to protect the personal data you provide, and to prevent unauthorized access, public disclosure, use, modification, damage or loss of the data. We will take all reasonable and practical steps to protect your personal data, including:
1. We will use SSL and other mainstream security technologies to encrypt many of our services. We will examine our practice of data collection, storage, and processing (including physical security measures) on a regular basis to prevent unauthorized access to or tampering with various systems.
2. We will strictly control the access to personal data, and only allow our employees who need to know the personal data to help us process such data, and personnel of companies authorized to handle the services on our behalf to access such personal data. These employees and personnel are required to fulfill strict contractual confidentiality obligations. Should they fail to fulfill these obligations, they may be held accountable for legal liabilities or their relationship with us may be terminated. Access logs of personal data will be kept and periodically audited.
3. The security of your data is of great importance to us. Therefore, we will continue our efforts to protect your personal data and implement safeguard measures, such as providing full encryption for data storage and transmission, to prevent your data from unauthorized access, usage or disclosure. For certain specific contents of encrypted data, no one but the user has the right to access them.
4. We will adopt encryption and other security measures to transmit and store your personal data of particular types; and we will use technical measures to process your personal biometric data before storing it, e.g., we will only store the abstracts of such personal biometric data.
5. We will prudently select business partners and service providers, and implement the requirements for personal data protection to the business contracts or audits and assessments between both parties.
6. We will conduct security and privacy protection training courses, testing and publicity activities to enhance employees' awareness of the importance of protecting personal data.
7. We will adopt international and industry-recognized standards to protect your personal data and actively pass relevant security and privacy protection certifications.
However, please note that while we have taken reasonable steps to protect your data, no website, Internet transmission, computer system, or wireless connection is absolutely secure. In the event of a personal data security incident, we will, in accordance with the requirements of relevant laws and regulations, promptly inform you of the following: the basic situation and possible impact of the security incident, disposal measures we have taken or will take, suggestions for your self-protection and risk mitigation, remedies for you, etc. We will timely inform you of the relevant situation of the event by email, letter, telephone, or push notification. When it is difficult to inform the personal data subjects individually, we will issue an announcement in a reasonable and effective manner. Meanwhile, we will also actively report the handling of the personal data security incident in accordance with the requirements of the regulatory authorities.
V. Your Rights to Your Personal Data
We respect your rights to your personal data. Subject to the applicable law in your jurisdiction, you may have specific rights regarding your personal data. This may include the following rights:
1. Right to Be Informed
We will inform you of how we process your personal data by publishing this Privacy Policy. We are committed to being open and transparent about how we use your personal data. You can keep track of the collection and use of your personal data by periodically reviewing this Privacy Policy and contacting us in the manner disclosed in this Privacy Policy.
2. Right to Access
You can directly query or access your personal data on our product or service interface, such as you can log into your account through the product page at any time to access your account related personal data. To be specific:
(1) You can access personal data through "Manage—Settings—Personal profile".
If you are unable to query or access your personal data on your own, or if you encounter any problems while exercising your right to access data, you may contact us and request access to your personal data in the manner disclosed in this Privacy Policy.
3. Right to Correct
When you find that the personal data we processed about you is inaccurate or incomplete, you have the right to have it rectified or completed by us. For parts of your personal data, you can directly correct and modify it on the relevant function page of the product or service. To be specific:
1. You can correct your account data, e.g. bound mobile number, bound email address, etc. via OnePlus Account.
2. You can correct your nick name, gender, date of birth via Manage - Settings - Personal profile.
For personal data that has not been made available for your own modification, you may contact us and request corrections or additions to your personal data in the manner disclosed in this Privacy Policy.
4. Right to Delete
You may choose to delete some of the personal data you have submitted to us. For some of your personal data, you can delete them directly on the relevant function pages of the products or services. To be specific:
1. You can delete your local data via Settings - Apps & notifications - OnePlus Health - Storage Usage - Clear Data
2. You can delete your local data by uninstall Health
3. You can delete your cloud data via Settings - Cloud sync - Clear Personal Data in Cloud
You may request that we delete your personal data by contacting us in the manner disclosed in this Privacy Policy if we have not yet provided you with a channel for the deletion of your personal data, or if we violate our agreement with you in the collection and use of your personal data, you may contact us and request the deletion in the manner disclosed in this Privacy Policy.
5. Right to Cancel Account
You have the right to cancel your OnePlus account.
You can cancel your OnePlus account. After you submit your account cancellation request, we may need to manually review your account cancellation to make sure you meet the conditions for cancellation. After you cancel your account, we will no longer be able to provide you with the OnePlus account registration service and other products and services that require logging in to a OnePlus account.
You may also contact us directly and request cancellation of your account by the manners disclosed in this Privacy Policy. We will record your request to cancel your account, conduct a manual review of your request to confirm that you are eligible to cancel your account, and we will assist you in completing the cancellation of your account within 15 days of submitting your request.
6. Right to Withdraw Consent
To function properly, each service requires some basic personal data. You may change the scope of your authorization to us to continue processing personal data, or withdraw your authorization by deleting data, disabling device permission settings, changing related product or function settings pages, canceling your account, etc. To be specific:
1. You may turn off device permissions via Settings -Apps & notifications - OnePlus Health - Permission, in order to withdraw your consent for us to deploy the relevant device permissions and to collect your data based on your relevant device permissions.
2. In the commercial advertising messages/marketing notifications that we send you, you will be told exactly how to unsubscribe, and you can withdraw your consent in the manner described in the message.
If you withdraw your consent, we will no longer be able to provide you with the corresponding service for which you have withdrawn your consent. Once you have withdrawn your consent, we will no longer process the corresponding personal data. But your decision to withdraw your consent will not affect the processing of personal data based on your previous consent prior to the withdrawal.
7. Right to Complain
You have the right to contact us and file service complaints in the manner disclosed in this Privacy Policy. Please note that, due to security reasons, we may verify your identity before processing your request. In principle, we do not charge any fees if your request is reasonable. However, based on the actual situation, we may impose a certain fee to cover our costs for repeated requests or requests that extend beyond reasonable limits. We may reject requests that are manifestly unfounded, unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), may be detrimental to the legal rights and interests of others, or are very impractical. In addition, we may not be able to respond to your request if your request is directly related to matters involving national security, national defense, public health, criminal investigation and other public interests, or if the request may severely impair the legitimate rights and interests of yours or those of other individuals and organizations.
VI. How We Process Children’s Personal Data
Our products are mainly adult-oriented. Pursuant to the relevant laws and regulations, if you are a child, before using the relevant products or services, you shall obtain consent from your parents or legal guardians. If you are the child’s guardian, you should read this Privacy Policy carefully before you assist the child with registration or usage of the products or services. We treat anyone under the 18 years old (or equivalent minimum age for full legal capacity in relevant jurisdiction) as a child.
If you are a child, a parent or legal guardian of a child, or if you otherwise find out that we collect, store or use data that may include personal data of children, you may contact us promptly in the manner disclosed in this Privacy Policy and we will take steps to delete the relevant data as soon as possible. If the local law has additional regulations on the age of minors, the local law shall prevail.
VII. Third-party Service Providers and Their Services
Our websites, products, applications, and services may contain links to third-party websites, products, and services. You can choose whether to visit or accept websites, products, and services offered by third parties.
Please notice that we have no control over third-party privacy and data protection policies as such third parties are not bound by this Privacy Policy. Before you submit personal data to third parties, please refer to their privacy policies.
● Sharing Data with Google Fit
Currently, Health allows you to synchronise your data with Google Fit. If you choose to activate this function, part of your personal information stored on Health (steps, calories, heart rate and sleep data) will be automatically sent and integrated in your Google Fit account for display there. You can turn off this function and stop the automatic update of Health personal information to Google Fit account anytime through the following path: OnePlus Health – Device – Setting – Data Sharing – Google Fit.
The data from Health synchronised on Google Fit shall not be visible by other connected applications. Please note that we do not receive any data from Google Fit. Therefore, Health is unable to access, use, store, share or in any other process any data of your Google profile and after the data is synchronized on Google Fit, we have no control over how Google Fit processes your personal information. Read Google’s privacy protection policy for more information.
VIII. How Your Personal Data Is Transferred Globally
As a globally operating company, we provide our products or services through resources and servers around the world. In order to ensure the service effect (e.g. to ensure the processing speed), under the premise of not violating local data protection laws, we will store user's personal data according to the mobile phone sales area and setting locations. We have established data centers in France, Singapore, India and Indonesia which means,
your personal data may be transferred to, or accessed from, the jurisdictions outside the country/region in which you use the product or service.
You understand that different data protection laws involve different risks. In such cases, we will take measures to ensure that the data we collect is processed in accordance with this Privacy Policy and applicable laws, and that your personal data is equally protected as in the country/region where you use the product or service. For example, we will ask your permission to transfer your personal data overseas, and we will implement security measures such as encryption, de-identification, and signing necessary data transfer/sharing agreements with data recipients prior to cross-border data transfer.
IX. How This Privacy Policy Is Updated
This Privacy Policy is subject to updates or revisions from time to time. We will -as appropriate- send you notifications of material updates to this Privacy Policy in a form we deem appropriate and we will update the last updated date mentioned in the beginning of this Privacy Policy.
This Privacy Policy allows adjustments. However, without your express consent, we will not diminish your rights under this Privacy Policy.
This Privacy Policy shall come into force as of the date of update.
If you have any questions or concerns about our Privacy Policy or related practice, please contact us as specified below:
(A) Email address: privacy@oneplus.com
(B) Postal address: F18, Block C, Tairan Building, Tairan 8th Road, Chegongmiao, Futian District, Shenzhen, China, ZIP Code: 518040
For users located in Europe, OnePlus Technology (Shenzhen) Co., Ltd. is the controller of your personal information and its representative is OnePlus Finland Oy with principal office at Firdonkatu 2T 83, Mall of Tripla, Workery West, 8th Floor, 00520, Helsinki, Finland. Please contact us at:
eurepresentative@oneplus.com
For users in India, please contact our Grievance Officer in India at:
legal.india@oneplus.com