KoolLink Privacy Policy

This Privacy Policy applies to the KoolLink mobile application (the "App"), smart portable air conditioner products (the "Products") and related services provided by us (collectively, the "Services"). We are committed to complying with applicable privacy and data protection laws and regulations in the regions where we operate, including but not limited to the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) in the United States, the General Data Protection Regulation (GDPR) in the European Union, and the Act on the Protection of Personal Information (APPI) in Japan. We respect and protect the privacy and personal information of all users of our Services (the "Users").

1. Collection and Use of Personal Information

1.1 Principles for Collecting Personal Information

We adhere to the principles of legality, fairness, necessity and transparency in collecting personal information, and only collect personal information that is necessary for the provision and improvement of the Services (Data Minimization Principle). We will not collect excessive personal information beyond the scope of the stated purposes.

1.2 Categories of Collected Personal Information

Based on the actual needs of the Services, the personal information we collect is categorized as follows:

• Account Information (Voluntarily Provided by Users): When you register a KoolLink account, you will voluntarily provide information such as email address, phone number and account password. This information is used for account verification, identity authentication, login management, customer service consultation and product warranty management.
• Product and Device Information (Automatically Collected): When you use the App to connect and control the Products, we will automatically collect device-related information, including but not limited to: device ID, serial number (SN), model, firmware version, operating status (such as operating temperature, wind speed, mode settings), energy consumption data, fault codes and Wi-Fi connection status. This information is solely used for realizing remote control functions, product fault diagnosis, performance optimization, after-sales service and product iterative improvement.
• Usage and Log Information (Automatically Collected): When you use the App and Services, we will automatically collect log information related to your usage, including but not limited to: access time, operation records, IP address, device model, operating system version, App version and network connection status. This information is used for system maintenance, abnormal behavior monitoring, optimizing user experience and ensuring the security and stability of the Services.
• Sensitive Personal Information: For the purpose of realizing device pairing and network connection, we may collect precise location information (only for device pairing) and Wi-Fi password (only for device network access) with your explicit consent. Such sensitive personal information will be stored in an encrypted manner, and we will strictly control the scope of use and take enhanced security protection measures. You may disable the collection of such information at any time through the App settings or device permission management, but this may affect the normal use of some functions (such as remote device pairing).

1.3 Legal Basis for Using Personal Information (Applicable to EU Users)

For Users in the European Union, our use of your personal information is based on the following legal bases as stipulated by GDPR:

• Performance of a contract: To provide you with the core Services (such as remote control of Products) as agreed in the user agreement;
• Your explicit consent: For the collection and use of sensitive personal information (such as precise location information) and other non-essential information;
• Legitimate interests: To maintain the security and stability of the Services, optimize product performance and provide after-sales service (we will ensure that such legitimate interests do not override your privacy rights);
• Compliance with legal obligations: To fulfill the requirements of applicable laws and regulations, such as responding to lawful requests from regulatory authorities.

1.4 Purpose of Using Personal Information

We will use the collected personal information only for the following purposes that are directly related to the Services:

• Provide, maintain and improve the core functions of the App and Products, including remote control, device status monitoring and fault reminder;
• Provide after-sales services, including product warranty verification, fault diagnosis, maintenance scheduling and technical support;
• Send you important notifications related to the Services, such as product safety reminders, firmware update prompts and changes to service terms;
• Optimize user experience, including analyzing user usage habits (without identifying individual users) to improve the design and function of the App and Products;
• Prevent and combat fraud, illegal use and other behaviors that violate laws, regulations or user agreements to protect the legitimate rights and interests of Users and us;
• Comply with applicable laws, regulations, administrative orders or judicial decisions.

2. Storage of Personal Information

2.1 Storage Location

We will store your personal information in secure servers located in regions that comply with local data protection laws, including but not limited to servers in the United States, European Union member states and Japan. We will take appropriate technical measures to ensure the security of the stored data.

2.2 Storage Period

We will store your personal information for the shortest period necessary to achieve the stated purposes of use, unless a longer storage period is required or permitted by applicable laws and regulations. After the storage period expires, we will take safe measures such as deletion or anonymization to process your personal information in a timely manner.

3. Cross-Border Transfer of Personal Information

Due to the needs of global business operations and service provision, your personal information may be transferred between our affiliated companies or to third-party service providers located in different countries and regions. We will ensure that such cross-border transfers comply with applicable data protection laws and regulations in the source and destination regions, and take the following necessary protective measures:

• For cross-border transfers involving the European Union: We will use appropriate safeguards recognized by the European Commission, such as signing Standard Contractual Clauses (SCCs) with data recipients, or transferring to regions that have obtained an adequacy decision from the European Commission;
• For cross-border transfers involving the United States: We will comply with the relevant provisions of CCPA/CPRA and ensure that the data protection level of the destination region meets the required standards;
• For cross-border transfers involving Japan: We will comply with the provisions of APPI on cross-border transfers of personal information, such as obtaining your prior consent (where required) or transferring to recipients that meet the prescribed conditions;
• For all cross-border transfers: We will sign data processing agreements with data recipients to clearly define their obligations and responsibilities for data protection, and conduct regular supervision to ensure that they abide by the agreements and relevant laws and regulations.

If you need to obtain a copy of the relevant cross-border transfer protection measures (such as SCCs), you may contact us through the channels specified in Section 9.

4. Your Rights Regarding Personal Information

We respect your rights to your personal information and provide corresponding channels for you to exercise such rights in accordance with applicable laws and regulations. The specific rights and exercise methods are as follows:

4.1 Core Rights

• Right to Access: You have the right to request access to your personal information held by us, including the categories, sources, purposes of use and recipients of such information;
• Right to Correction: If your personal information held by us is inaccurate or incomplete, you have the right to request us to correct or supplement it;
• Right to Deletion: Under the circumstances stipulated by applicable laws and regulations (such as the purpose of use has been achieved, you withdraw your consent and there is no other legal basis for continued storage), you have the right to request us to delete your personal information;
• Right to Data Portability: You have the right to request us to provide your personal information in a structured, commonly used and machine-readable format (such as CSV/JSON), or to transmit such information directly to a third party designated by you (where technically feasible);
• Right to Withdraw Consent: For the collection and use of your personal information based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the validity of the collection and use of personal information based on consent before the withdrawal;
• Right to Restrict or Object to Processing: For Users in the European Union, you have the right to request us to restrict the processing of your personal information under specific circumstances (such as you dispute the accuracy of the information). You also have the right to object to the processing of your personal information based on our legitimate interests;
• Right to Opt Out of Sale (Applicable to US Users): For Users in the United States, you have the right to opt out of the sale of your personal information. We do not sell your personal information to any third party for commercial purposes.

4.2 Methods to Exercise Rights

• Exercise Channel: You may send a written request to our privacy team via email
• Identity Verification: To ensure the security of your rights and interests, we will verify your identity before processing your request. You may need to provide information such as your registered email address, bound phone number, device serial number (SN) and verification code. For requests involving sensitive personal information, we may require you to provide additional verification materials;
• Response Time Limit: We will process your request in a timely manner in accordance with applicable laws and regulations. Generally, we will respond to your request within 30-45 working days. If the processing is complex or requires an extension, we will notify you of the extension reason and expected processing time in advance;
• Fee Standard: We will not charge any fees for your reasonable requests for exercising rights. If your request is excessive, repetitive or not based on legitimate reasons, we may charge a reasonable administrative fee in accordance with applicable laws and regulations, and we will inform you of the specific fee standard in advance.

4.3 Opt Out of Sale of Personal Information (Applicable to US Users)

We confirm that we will not sell your personal information to any third party for commercial purposes. If you have any questions about whether your personal information is sold, you may contact us through the channels specified in Section 9. If the relevant laws and regulations are updated and require us to adjust the relevant practices, we will update this clause in a timely manner and provide a more convenient opt-out channel.

5. Protection of Minors' Personal Information

Our Services are not intended for minors under the age of 16 (or the minimum age for consent to use the Services as stipulated by local laws and regulations). We will not actively collect personal information from minors.

If a minor uses our Services without the consent of a parent or legal guardian, the parent or legal guardian may contact us to request the deletion of the minor's personal information. To protect the legitimate rights and interests of minors, we will verify the identity of the applicant (such as requiring the provision of a copy of the ID card of the parent/guardian, proof of parent-child relationship, etc.) before processing the request. After the verification is passed, we will delete the relevant personal information within 7-15 working days (depending on local regulatory requirements) and send a confirmation notice to the contact information provided by the applicant.

For Users in the United States (COPPA compliance): We will not actively collect personal information from children under the age of 13. If we accidentally collect personal information from children under the age of 13, we will delete it immediately after discovering and verifying it.

6. Security Protection of Personal Information

We attach great importance to the security of personal information and take a series of technical and management measures to protect the security of your personal information from unauthorized access, use, disclosure, modification, damage or loss:

• Technical Measures: Adopt encryption technology (such as SSL/TLS encryption for data transmission, AES encryption for data storage) to protect sensitive personal information; regularly update and maintain the system and Products, and carry out security vulnerability scans and tests; implement access control and authority management for data, and only authorize personnel who need to know the information to access it;
• IoT Device-Specific Security Measures: For smart portable air conditioners, we implement special security protection, including regular firmware security updates (at least once a quarter), real-time monitoring of abnormal device login (verification code is required for login from unusual locations), and setting up a vulnerability response mechanism (fixing discovered vulnerabilities and pushing updates within 14 working days);
• Management Measures: Establish and improve internal data protection management systems and operating procedures; conduct regular data protection training for employees to enhance their awareness of privacy protection; sign confidentiality agreements with employees and third-party service providers who have access to personal information;
• Emergency Response: Formulate an emergency plan for data security incidents. In the event of a data security incident, we will immediately activate the emergency plan, investigate the cause, take remedial measures, and notify you and the relevant regulatory authorities in accordance with the requirements of applicable laws and regulations.

Please note that although we have taken sufficient security measures, no data transmission or storage method can be 100% secure. You are also advised to take appropriate measures to protect the security of your account information (such as setting a complex password and not disclosing the password to others).

7. Sharing of Personal Information with Third Parties

We will not actively share your personal information with any third party except in the following circumstances:

• With your explicit consent or authorization;
• Share with third-party service providers who provide services for us (such as payment service providers, after-sales service partners, cloud service providers). These third parties can only access the personal information necessary for providing services, and we will sign data processing agreements with them to restrict their behavior and require them to take corresponding security protection measures;
• Share in accordance with applicable laws and regulations, legal procedures or the requirements of judicial and administrative authorities;
• Share to protect the legitimate rights and interests of us, Users or other third parties, such as responding to fraud, protecting personal and property safety;
• Share in the event of a merger, acquisition, asset transfer or similar transaction. In such cases, we will notify you in advance (unless prohibited by law) and ensure that the transferee continues to abide by this Privacy Policy.

We will not sell your personal information to any third party for commercial purposes, unless permitted by applicable laws and regulations and with your explicit consent.

8. Updates to This Privacy Policy

We may update this Privacy Policy from time to time due to changes in laws and regulations, adjustments to business needs or changes in service functions. When we update this Privacy Policy, we will mark the new effective date and notify you through prominent channels such as App pop-up windows, push notifications or registered email addresses. For major changes (such as changes in the scope of collected personal information, significant adjustments to the purpose of use, or changes in the way of cross-border data transfer), we will take more eye-catching notification methods (such as separate email notifications) and, where required by applicable laws and regulations, obtain your consent again.

We will retain the historical versions of this Privacy Policy on our official website for at least 2 years, and mark the effective date of each version to facilitate your inquiry. Your continued use of the Services after the update of this Privacy Policy constitutes your acceptance of the revised Privacy Policy.

9. Contact Us