This Privacy Policy (“Policy”) by TP-Link Research America Corporation located at 245 Charcot Avenue, San Jose, CA 95131, USA and its representative TP-Link UK Ltd., Unit 2 & 3 Riverview (142-144), Cardiff Road, Reading, RG1 8EW, UK (“TP-Link”, “we”, “our”) inform you about the personal data we collect when you use the NC Cameras Devices and Services.

Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.
1. NC Cameras

NC Cameras, our cloud camera products, that include the following models: NC200, NC210, NC220, NC230, NC250, NC260, and NC450 (collectively “Devices”). The Devices are supported by the tpCamera App and tplinkcloud.com (collectively “Services”).

2. Summary of Our Processing Activities

When you use our Devices and/or the Services we collect personal data. Personal data is any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or an online identifier. In this section we will summarize how we collect data and what we do with it. You will find more detailed information under the indicated sections below.

  • When you use the Devices without setting up an account, no personal data will be processed. Please note that without account registration the use of our Devices and Services will be very limited.
  • In case you register a user account for one of our Services (“tpCamera Account”), personal data will be processed in order to deliver such services.
  • Your personal data might be disclosed to third parties that are located outside your country of residence; potentially, different data protection standards may apply.
  • We have implemented appropriate safeguards to secure your personal data and retain your personal data only as long as necessary.
3. Processing Activities

3.1 tpCamera Account Registration and Delivery of Services

In addition to the above, with regard to the registration of a tpCamera Account and its subsequent use, we process:

  • Information (such as your name, user name and email address) that is provided by registration;
  • Information in connection with an account sign-in facility (e.g. log-in and password details);
  • Communications sent by you (e.g. via e-mail or website communication forms);
  • Device data (e.g. Device ID, MAC address, IP address)
  • Device/Service usage data (e.g. device activation such as friendly name of device);

The information which is necessary for the performance of the service is labelled accordingly. All further information is provided voluntarily.

We will process the personal data you provide to:

  • identify you at sign-in;
  • provide you with the Services and information which you request;
  • administer your tpCamera Account;
  • communicate with you;

For this, the legal basis is Art. 6 (1) b) GDPR.

Your personal data is, in the absence of exceptions within the specific services mentioned below, retained for as long as your tpCamera Account is used. After deletion of your account, your personal data will be erased without undue delay. Statutory storage obligations or the need for legal actions that may arise from misconduct within the Services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

3.2 Improvement of Our Devices/Services

We further might use your personal data in order to improve our Devices/Services. This might include all data under Section 3.1 above. Your personal data will be anonymized where possible.

For this, the legal basis is Art. 6 (1) f) GDPR. Our legitimate interest pursued is the state of the art development of our products in order to ensure safety and remain competitive.

Your personal data will be stored, for as long as this is necessary for the development of a respective improvement. Once completed your personal data will be deleted immediately.

3.3 Marketing

In case you have granted consent, we use your personal data for direct marketing purposes. Legal basis for this is Art. 6 (1) a) GDPR. You might revoke that consent at any time.

In order to provide you with our marketing services, we use The Rocket Science Group LLC d/b/a MailChimp, (Atlanta, GA, USA) as service provider for the processing on our behalf.

We will delete your personal data for marketing purposes, either, if you object to the processing of your data or withdraw the consent immediately.

4. Cookies

The Services use cookies in several cases. Cookies serve to make our offer more user-friendly, more effective, and safer. Cookies are small text files that are stored on your computer. This data does not contain information that we could allocate to a natural person.

Cookies do not harm your computer and do not contain any viruses. You can prevent the use of cookies by adjusting your browser settings. Please note that in this case you may not be able to fully utilize all functions of this website.

We use cookies in order to enhance your customer experience. Legal basis for this is Art. 6 (1) f) GDPR. Our legitimate interest pursued is the sale of further products and/or services to you.

5. Recipients of your Personal Data

We may engage companies from our corporate family to perform software maintenance services and to provide customer support. They may have access to your personal data to perform these tasks on our behalf and they are not authorized by us to otherwise use or disclose your personal data, except to the extent required by law. Note that your video data can only be stored locally on your camera’s SD card and is not accessible by us or any third-party.

6. Cross-Border Data Transfers

Your personal data will be transferred to other countries (including countries outside the EEA) which may have different data protection standards than your country of residence. Please note, that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures (e.g. conclusion of EU SCCs or selection of Privacy Shield certified service providers) to keep up an adequate level of data protection also when sharing your personal data with such countries.

When using the Services your personal data (incl. any video footage) will be transferred into and stored in the US. The transfer is necessary for the performance of the contract and delivery of the Services by TP-Link (Art. 6 (1) b), 49 (1) b) GDPR.

7. Security

We have implemented measures, including encryption and SSL technology, designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

Your account’s privacy and security is protected by your password. In order to prevent unauthorized access to your account and personal information, you should select a strong password and protect it by limiting access to your computer, device, browser or application and by signing off after you have finished accessing your account. If you use a third-party service to sign into your account, you should protect that account accordingly as well.

While we strive to always protect the privacy of your account and personal information in our records, we cannot always guarantee it will be completely secure. The security of your personal information may be compromised by unauthorized entry, unauthorized use, hardware failure, software failure, and other factors at any time.

8. Data Retention

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this Policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.

9. Your Rights

You may receive information about your personal data that we store at any time, free of charge. You do not need to give reasons.

If personal data is inaccurate or no longer needed, you can also restrict, correct or delete such personal data.

In case the processing of your data is based on Art. 6(1)(f) GDPR (Legitimate Interest, cf. above) or your data is processed for direct marketing purposes, you have the right to object to the processing of your personal data.

You have the right to receive your personal data in a machine-readable format and to transmit them to another person responsible in accordance with Art. 20 GDPR.

You may revoke any consent to the collection and use of data given to us.If you believe that the processing of personal data relating to you infringes data protection regulations, you may complain to a supervisory authority, in particular in the Member State where you are resident or the place where the alleged infringement occurred, without prejudice to administrative or judicial remedies.

10. Our Data Protection Officer / Contact

If you have any questions that this policy could not answer, or if you require further information on a particular point, please do not hesitate to contact us at any time. You can reach our data protection officer by writing an e-mail to privacy.tpra@tp-link.com