Privacy Policy

UNIVERSAL ELECTRONICS INC. QUICKSET PRIVACY POLICY

Universal Electronics Inc. (UEI) [www.uei.com] considers privacy to be of the utmost priority for our customers and end users of our products and service. This Privacy Policy sets forth the principles and standards that UEI is committed to comply with when we process personal data, in particular in providing our QuickSet Technology Product and Services.QuickSet is a cloud service and software product that enables the connectivity of smart home devices such as set top boxes, home theater devices, HDMI devices, lighting, and various other connected and unconnected devices. We offer QuickSet as a Business to Business service to our customers and we process personal data of the end user (the “Data Subject”) in the context of such services solely for the benefit of our customers and to execute the agreement that is in place for using the service of QuickSet. The terms that apply to such processing are documented in the agreements governing the provision of such services which are based on the requirements imposed by the General Data Protection Regulation (EC Regulation 2016/679) and other applicable privacy legislation. UEI does not use personal data obtained from customers in the context of the provision of our services for any other purpose, or as may be authorized by our customers or Data Subjects. UEI will only collect personal data where it is necessary to perform the relevant processing activity and will ensure it is protected by adequate access, retention and other controls. We have agreed with our customers that end-consumers shall be informed accordingly.

Purposes and types of data we may process

General: UEI, in the context of QuickSet, processes data obtained from its customers under the direction of its customers and has no direct control or ownership of the personal data it processes other than for authorized provision of the services for the benefit of Customers and Data Subjects utilizing the service. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to UEI for processing purposes.

Purpose of the use of data: When using QuickSet, customer will transfer data into the UEI systems. UEI processes such data for the purposes of providing the services to its customers, including to discover devices in the home, facilitate device-to-device communication, optimize device performance, prevent or resolve technical problems, respond to support issues and customer’s instructions, and provide back-end security features for protecting user data to prevent unauthorized access by third parties. We also process the personal data to analyze use of our products and services in order to improve the quality of our product and provide a more seamless experience for the end user. Some of this data may be retained or aggregated with other data for quality purposes and facilitating improvements to the service, each as authorized by customers.

How data is processed:  QuickSet software in a device works generally by using embedded software to gather data about connected and nearby devices such as various hardware or software signatures from a Data Subjects device (such as TV, STB, Audio Device, or another Smart Home Appliance).  This information is then transferred to QuickSet Cloud servers of UEI or third-party data processors.  The data is used on the servers to match the device signature data with known control protocols, associated meta data and methodologies created and maintained by UEI (control & interoperability instructions).  These control instructions are then transferred back to the Data Subjects device for setup and further processing in order to allow the Data Subject to interact with other devices and services which are compatible with their original device running QuickSet.

Categories of data: Personal data may include the Data Subject’s username, IP address, and hardware signatures related to the IP address. We employ stringent security measures to protect this data and ensure it remains confidential.

Storage of the data: The data is processed and stored on servers in the US. If we transfer the personal data to another country, we will take appropriate legal and technical measures to protect privacy of end-users and the personal data we transfer. In case UEI must transfer personal data to a sub-processor, such as a support partner, UEI remains responsible for the treatment of personal data after the transfer.  UEI uses Microsoft Azure and Google FireBase as sub-processors for QuickSet services and data.

Data retention and Data accuracy

UEI will keep the personal data only as long as it is needed for the purposes for which it was collected. We will take appropriate steps to ensure that the personal data in our records is accurate, and that the data will be deleted or anonymized after the termination of the services for which it was collected and as set forth in our customer agreements and associated obligations.

Access to Personal Data

The Data Subject has the right to access, modify, or delete their data at any time, and we provide contact information to help the Data Subject exercise these rights. If they wish to exercise their rights or obtain more information, they may direct the request to privacy@uei.com. The query will be directed to the UEI customer responsible for the personal data (the data controller) and UEI shall assist in such requests.

Data Breach Notification

If UEI becomes aware and determines that an incident involving personal data qualifies as a breach of security leading to the misappropriation or accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data processed by UEI, UEI will promptly report such breach to the customer and assist them in their notification obligations to the Data Subject.

Disclosure in special circumstances

UEI may also be required to disclose personal data if it is necessary to conform to legal requirements or comply with legal processes in response of lawful requests by public authorities, for example for national security reasons or law enforcement requirement.

Disclosure to third parties (processors)

UEI may use Microsoft Azure, Google FireBase, or Amazon AWS as sub-processors for QuickSet services and data, or other services or data for which this privacy policy may be applicable.  Each sub-processor employs appropriate legal and technical measures to protect privacy of end-users, and the personal data as set forth in the policy. Regardless, UEI remains responsible and liable under the EU-US DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF priciples if third-party agents that it engages to process the personal data on its behalf do so in a manner that is inconsistent with the beforementioned DPF principles, unless UEI proves that it is not responsible for the event giving rise to the damage.

Choice

If personal data covered by this privacy policy is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non-agent third party in a manner not specified in this policy, UEI will provide you with an opportunity to choose whether you have your personal data so processed. You shall be provided the option to opt out in that particular circumstance or by sending an e-mail to the contact information below. Sensitive information is not collected nor used by UEI and shall in no case be subjected to another purpose for which it was collected without explicit consent.

Security

UEI uses reasonable commercial efforts to protect your personal data including internal data handling policies, industry standard or better data security protocols, encryption methodologies, and other protections typically provided by our data sub-processor. We restrict access to your personal data only to employees and authorized persons who need to access the information for the purposes of processing identified above. These persons are committed and trained to comply our privacy policies and bound by confidentiality agreements.

Data Privacy Framework

UEI as well as its subsidiary Ecolink Intelligent Technology Inc, complies with the EU-U.S. Data Privacy Framework Program (DPF) principles, including the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and/or Switzerland to the United States in reliance on the DPF. UEI has certified to the Department of Commerce that it adheres to the DPF principles with respect to such information. If there is any conflict between the terms in this privacy policy and the DPF principles, the DPF principles shall govern. To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/.

Dispute Resolutions

UEI is committed to resolving any conflicts or disputes that may arise in relation to this Privacy Policy. If the Data Subject has a complaint or opt out request, they may contact UEI at: privacy@uei.com.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, UEI commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.  The services of EU DPAs, ICO and the Swiss FDPIC are provided at no cost to the Data Subject.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms with respect to personal data received or transferred pursuant to the Data Privacy Framework.

Additionally, UEI acknowledges that it is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).