Privacy Shield Principles

We attach great importance to customer’s personal data and privacy protection. Dahua actively follows up and complies with relevant global privacy protection laws and regulations, such as the GDPR in Europe.

We incorporate Privacy by Design (PbD) as a fundamental priority into the design of technology specifications and business practices.Privacy considerations are embedded into the earliest stages of our product and service design, covering the entire life cycle of personal data from collection, transmission, storage, processing, and sharing to destruction.

While providing high-quality products and services, we promise that we will never collect or process any personal data beyond the principles of legality, legitimacy and necessity, and that the data processing activities all comply with relevant laws and regulations on personal data protection.

Privacy Technologies and Features

TEE

The Trusted Execution Environment (TEE) is a technical concept put forward by the Global Platform (GP) organization. Utilizing the ARM TrustZone hardware technology, two physically isolated computing spaces Normal World and Secure World are constructed, providing independent and credible running space for important and sensitive codes.

Trusted Database

Trusted database places database execution engine and storage engine in trusted execution environment, isolates and encrypts database data in memory, encrypts and stores database files, and encrypts and protects data access channels, thus preventing attackers' snooping and unauthorized access to data assets. It mitigates the risk of plaintext data leakage in terms of computing security, storage security and transmission security.

Privacy Masking

Using intelligent identification technology, the target area to be protected in the image is identified and located in the acquisition stage. The image is then processed twice. This technology covers the protected target area, and based on user's hierarchical management, ordinary users can only look at the blocked images. Only authorized management users can restore the complete image.

Privacy Impact Assessment

We follow international and domestic standards such as ISO/IEC 29134-Privacy Impact Assessment Guide and GB/T 39335-2020 Personal Information Security Impact Assessment Guide. It aims to identify the potential impacts of processing activities on the rights and interests of people and design appropriate control measures to reduce privacy risks. It objectively evaluates the effectiveness of security protection measures, significantly improves transparency and effectively protects users' privacy.

Protected Privacy IoT Service

Based on the GDPR, BSI's C5, TR-02102 as well as the internal 2PfG standard, this certification ensures the privacy protection and data security of the Apps and related cloud services are in line with the EU GDPR to the greatest extent.

ETSI EN 303 645

ETSI EN 303645 is a consumer Internet of Things network security standard issued by European Telecommunications Standards Institute, it establishes a security baseline for consumer products connected to the Internet and helps devices better comply with GDPR regulations.

FIPS 140-2

FIPS is established by the NIST and CSEC, used for evaluating, verifying and authenticating the security of cryptographic modules, widely recognized as practical standards in the industry.

Common Criteria

The Common Criteria for information technology security evaluation is an international standard for computer security certification (ISO/IEC 15408)，which driving force for the widest mutual recognition of IT security products, and has been recognized by the member countries of CCRA organization.

Protected Privacy IoT Service

ETSI EN 303 645

FIPS 140-2

FIPS is established by the NIST and CSEC, used for evaluating, verifying and authenticating the security of cryptographic modules, widely recognized as practical standards in the industry.

Common Criteria