1. Home
  2. Support
  3. Compliance

EU Data Act Transparency Declaration

1. Purpose and Scope


In accordance with Regulation (EU) 2023/2854 (the “EU Data Act”), GIGABYTE Technology, Co., Ltd. and its affiliates (“we”, “us”, or “GIGABYTE”) provide the following information about our Connected Products and Related Services (“products and services”).


This declaration aims to inform users about the types of data generated by our products and services, how that data is collected, processed, and stored, and the mechanisms for user access. It also outlines our practices regarding data sharing and user rights under the EU Data Act.

Important notes:

  • The precise data generated depends on the specific model, configuration, installed software, enabled features, usage patterns, and any optional services or add-ons.
  • This document will be updated as needed to reflect changes in products, services, or data practices.
  • This declaration covers data generated by the use of the product or related service that is readily available to us as the data holder. It applies to both personal and non-personal data.

Covered Products and Services

This declaration applies to GIGABYTE’s connected products and associated services sold or provided in the European Economic Area, including but not limited to:

  • Computing devices (notebooks, desktops, tablets, workstations)
  • Motherboards
  • VGA Cards
  • Enterprise and infrastructure solutions (servers, storage, networking)
  • Smart devices, accessories, and peripherals
  • Related software, firmware, cloud services, remote management, diagnostics, updates, and support platforms

Because our products differ in their hardware configurations, firmware, operating systems, optional software, and supported services, the data generated and the methods of access may vary between product families and individual product models. Accordingly, this Statement is organized by product family. Each section describes the data capabilities that are generally applicable to the relevant product family

1.1 Scope of Data Access Rights
Under Article 3 of the EU Data Act, you have the right to access the data generated by your use of our connected products without undue delay, free of charge, and, where applicable, continuously and in real-time. This right applies strictly to:

  • Raw and Pre-processed Data: Data directly generated by the user’s actions or as a direct byproduct of the device's operations (e.g., sensor logs, hardware state telemetry, or direct usage metrics).

1.2 Protection of Trade Secrets and Intellectual Property
While we facilitate robust data portability, the EU Data Act explicitly protects commercial confidentiality. Data access does not extend to:

  • Information that has been significantly enriched, analyzed, or transformed by our proprietary software algorithms.
  • Proprietary source code, diagnostic software tools, or operational software firmware.

In alignment with Article 4(6) and Article 5(8) of the Act, where the extraction of requested data poses a demonstrable risk to our Trade Secrets, we reserve the right to condition data sharing on specific technical and organizational security agreements, or, in exceptional circumstances where serious economic damage is highly likely, refuse disclosure.

2. Laptops

⁠⁠

Product Description:

GIGABYTE Laptops are designed for gaming and everyday computing tasks such as browsing, document creation, and media consumption. The Laptop includes standard hardware (e.g., processor, storage, Wi-Fi) and a pre-installed operating system (e.g., Windows 11) and a pre-installed software program called GiMate that provides users with voice-activated, AI powered control of Laptop settings (battery, GPU, fan, sound, etc.).⁠

2.1 Type, Format, and Estimated Volume of Product Data Generated

⁠- **Type**: The laptop’s GiMate software collects anonymized data related to its use and configuration, including:

  • Unique device identifier (UUID, e.g., "42314748-3331-3030-3131-330000000000").
  • Power mode (e.g., "AC mode" or battery).
  • Operating system details (e.g., name: "Microsoft Windows 10 Home", serial number).
  • Hardware specifications:

o    Network adapter (e.g., MAC address: "F4:8C:50:A8:2C:30", name: "Intel(R) Dual Band Wireless-AC 8260 #2").

o    CPU (e.g., "Intel(R) Core(TM) i7-7700HQ", 2.80GHz).

o    GPU (e.g., "NVIDIA GeForce GTX 1050", 2GB).

o    RAM (e.g., "Kingston-CBD24D4S7S8MB-8-2400", 8GB).

o    Storage devices (e.g., "TS128GMTS800", 119GB; "HGST HTS721010A9E630", 932GB).

o    Battery cycle count (e.g., "3 cycles").

o    Device model (e.g., "P34V7").

o    Update timestamp (e.g., "1524708545583").

- **Format**: Data is stored in structured JSON format, readable via system tools or manufacturer-provided utilities.


- **Estimated Volume**: Approximately 10-50 KB per data collection event (e.g., weekly or on system update), totaling ~1-5 MB annually under typical use, due to the limited scope of anonymized fields

2.2 Capability to Generate Data Continuously and in Real-Time

⁠⁠- **Capability**: The laptop does not generate data continuously or in real-time. Data collection occurs periodically (e.g., during system updates, power mode changes, or hardware status checks) and is event-driven, not a constant stream. For example, battery cycle count updates when charging, and hardware specs are logged on initialization.

2.3 Capability to Store Data On-Device or on a Remote Server, Including Retention Duration

  • On-Device Storage: Data is stored locally in system logs or configuration files on the laptop’s internal storage (e.g., SSD/HDD, capacity ~256GB+). Retention lasts until overwritten, deleted by the user, or the device is reset.
  • Remote Server Storage: If not opted out, anonymized data may be transmitted to GIGABYTE servers for purposes of product improvement. Retention on servers is up to 12 months, after which data is aggregated or deleted.
  • Opt-Out: Users can disable remote collection via software settings (see below), preventing server storage.
  • Intended Duration: On-device: indefinite until user action; remote: 12 months unless opted out.

2.4 How the User May Access, Retrieve, or Erase Data

  • Access and Retrieval:
    • On-Device: Users can access data via OS tools (e.g., Event Viewer on Windows) or manufacturer-provided diagnostics software (pre-installed or downloadable from GIGABYTE Website).
    • Remote: If data is sent to servers (pre-opt-out), users can request a summary via [https://www.gigabyte.com/de/Support], subject to verification.
  • Erasure:
    • On-Device: Delete logs via OS settings (e.g., clear system logs) or reset the device (e.g., Windows “Reset this PC”).
    • Remote: Opt out of collection in software settings (e.g., [GiMate] > Privacy > Disable Data Analytics Sharing). Post-opt-out, no new data is sent; existing server data can be requested for deletion via [https://www.gigabyte.com/de/Support].

2.5 Purpose for Which Data Collected Is Used

⁠Anonymized data is used to:
- Improve product design and software updates (e.g., optimize power modes, enhance driver compatibility).
- Ensure system stability (e.g., analyze hardware configurations for bug fixes).


- **Scope**: Data is not used for marketing or profiling, as it’s anonymized and limited to technical purposes.

2.6 Potential Data Owner and Third Parties Involved in Data Processing

  • Data Owner: The user owns on-device data. GIGABYTE is the data holder for the anonymized use and configuration data that it receives via GiMate software.
  • Third Parties: No third parties process this data. If remote collection is enabled, only GIGABYTE handles it on secure servers. The OS provider (e.g., Microsoft) may collect separate telemetry under its own terms, unrelated to this software.

2.7 How to Control Disclosure of Data to Third Parties

  • Control: No data is disclosed to third parties by Gigabyte. Users can prevent remote data transmission by:
    • Disabling telemetry in [GiMate] settings (e.g., Settings > Privacy > Data Collection > Off).
    • Disconnecting from networks to block uploads.
  • Process: Opt-out is effective immediately; no further data is sent.


2.8 User’s Right of Appeal to the Competent Authority
- **Rights**: Under the Data Act (Article 11), users can lodge a complaint with a national competent authority if data access rights are denied or obligations unmet.

Procedure: Submit complaints per the authority’s guidelines, referencing Data Act non-compliance.