Latest update: May 11, 2020
Prior to the use of DingTalk products or services, please carefully read and thoroughly understand this Policy and confirm that you have fully understood and agreed to this Policy before using relevant products or services. Your use of DingTalk products or services shall be deemed as you have fully understood and agreed to this Policy.
If you have any questions, comments or suggestions on the content of this Policy, you may contact us via [DingTalk APP-Me-Help-My Customer Services-DingTalk Aide] or [firstname.lastname@example.org].
Part 1 Definitions
1.1 DingTalk Service Providers: means DingTalk (Singapore) Private Limitedand who conduct research over, develop and provide DingTalk products and services, collectively named as "DingTalk Company”, “DingTalk or “us”.
1.2 : mean any of DingTalk Service Providers as disclosed by Alibaba Group Holding Limited in its latest annual report. For details please visit http://www.alibabagroup.com/cn/ir/secfilings.
1.3 Alipay: refers to the main provider of Alipay services Alipay (China) Network Technology Co., Ltd.
1.4 DingTalk Enterprise/Organization User: It refers to the register, management and use of DingTalk Service on behalf of an enterprise/organization by its legal representative or its appointed or authorized administrator and to establish an organizational structure through DingTalk management platform. DingTalk enterprises/organization users are include but are not limited to legal persons, government agencies, other organizations, partnerships or individual businesses.
1.5 DingTalk Enterprise/Organizational Administrator: means individual DingTalk Users who are authorized or designated by the DingTalk Enterprise/Organizational User and have the operational authority on behalf of the DingTalk Enterprise/ Organizational User to open, manage and use of the DingTalk Service.
1.6 DingTalk Personal User: refers to the individual DingTak user who registers a DingTalk account, which including DingTalk Enterprise/Organizational Administrator and who does not have the operational authority on behalf of DingTalk enterprise/organizational users hereinafter referred to as "You" or “you”.
1.7 Personal Information: means all information electronically or otherwise recorded that can be used to identify a natural person or reflect his/her activities, whether on its own or in combination with other information.
1.10 Personal Information Deletion:means the removal of Personal Information from the systems as involved in daily business operations so as to keep such information irretrievable and inaccessible.
1.10 Personal information anonymity: means the process of processing personal information, which makes the subject of personal information unrecognizable and the processed information unrecognizable.
1.11 Personal Information Controller: An organization or individual with the right to determine the purpose, manner, etc. of personal information processing. Some of the personal information controllers in this agreement refers to DingTalk enterprise/organization users.
Unless otherwise defined, the terms and definitions used herein shall have the same meaning as in the DingTalk Service Agreement.
This part will help you understand the followings:
I. How we collect and use your information
II. How we use Cookie or the like
III. How we share, transfer and disclose your information
IV. How we protect your Information
V. How you manage your information
VI. How we process information of minors
VII. How we store and transfer information outside your country
VIII. How we update this Policy
IX. How to contact us
I. How we collect and use your information
When you use DingTalk Services, we need / may need to collect and use your personal information in the following two ways:
1. In order to provide you with the basic functions of our DingTak products and / or services, you must authorize us to collect and use your necessary information. If you refuse to provide relevant information, you will not be able to use our products and / or services normally;
2. In order to provide you with additional functions of our DingTak products and / or services, you can choose to authorize us to collect and use your information. If you refuse to provide, you will not be able to use the relevant additional functions normally or achieve the function effect we intend to achieve, but it will not affect your normal use of the basic functions of our products and / or services.
You understand and agree that:
1. We are committed to creating a variety of DingTalk products and services to meet your needs. Because we provide you with a wide range of products and services, and different users choose to use different specific products / services, corresponding, basic / additional functions and the type and scope of personal information collected and used will be different, please refer to the specific DingTalk product / service functions;
2. In order to bring you a better product and service experience, we are constantly striving to improve our technology, and then we may launch new or optimized functions from time to time, and may need to collect and use new personal information or change the purpose or method of using personal information. In this regard, we will update this Policy, pop-up window, page prompt and other ways to separately explain the collection purpose, scope and usage of the corresponding information to you, and provide you with the way of independent choice and consent, and collect and use it with your express consent. In this process, if you have any questions, opinions or suggestions, you can contact us through various contact information provided herein, and we will get back to you as soon as possible.
In order to provide DingTalk Services to you and DingTalk Enterprise/organization Users, to maintain the normal operation of DingTalk Service, improve and optimize our service experience and ensure your account security, we will collect information that you actively provide, authorize or provide based on the requirements of your company/organization, together with information generated when you use DingTalk Service and based on the following purposes and methods of this Policy:
(I) Help you to become our registered DingTalk user
1. Reregister as a DingTalk personal user
To register as a DingTalk personal user so that we are able to provide you with DingTalk basic services such as instant messaging/chat , video conference call, VOIP call, DING Message and other service for communication，you need to provide your cellphone number and message authentication code to create a DingTalk account, and thereafter you may need to provider with your name, profile picture, nick name, gender, date of birth, the place of your job, company email and other basic information. You are not required to register to be our member or provide the above information if you only use such basic services as browsing and searching the DingTalk official homepage and DingTalk open platform for services and the introduction thereof.
2. Reregister as a DingTalk enterprise/organization user
In order to register as a DingTalk enterprise or organization user, so that we can provide DingTalk Services based on the employment and management behavior of your enterprise or organization, such as DingTalk intelligent personnel management services (including employee roster, employee car, employee enrollment, labor contract management and resignation management, employee holiday management, and enterprise announcement, etc.), DingTalk intelligent office application services (including attendance management, approval, daily record, schedule, collaborative document editing, email and conference room services, etc.), DingTalk telephone conference, group chat, etc. to achieve the transformation and upgrading of enterprise / organization's digital office, you need to provide your enterprise / organization name to create a DingTalk enterprise/organization account, otherwise you will not be able to use the DingTalk Service based on the enterprise organization management behavior. After you register as a DingTalk enterprise or organization user, you must further provide us your location of the enterprise / organization, industry type and personnel scale information. If you need to obtain more rights and interests (such as applying third party application service that charging fees, etc.), as an enterprise/organization administrator, you need to provide specific information and materials on behalf of your enterprise/organization to complete the DingTalk enterprise/ organization certification, including your copy of business license, official registration number ,name of the enterprise/organization, address, name of legal representative, ID card number of legal representative, certification official letter, etc.
(II) Collect and use you information in the process of using DingTalk Services
When you are using DingTalk Services, in order to provide you with more and better compatible hardware and/or software services, interactive design, search results and to identification of account abnormal status, maintain the normal operation of DingTalk Service, improve and optimize your experience of DingTalk Service and ensure your account security, we will collect your information and may connect these information:
1. Use information: We will collect the information you submitted or generated when using DingTalk Service as an individual DingTalk user and as an end user of a DingTalk enterprise/organization user. For example, if you use DingTalk for IM chat service, we need to record your chat information and voice call status information (NOT call content) so as to realize information transmission and interaction. If you need us recommend your friends and colleagues who has registered DingTalk account from your mobile phone contacts so that you can add DingTalk friends or colleagues easily, you need to authorize us to access and collect your mobile phone contacts information; if you choose to open the DingTalk job hunter service, you need to provide further information about your school roll information (name of school, highest degree, major), personal email, personal photos, etc.), video resume and other information and you agree us to verify your information through a third party certification service; if you want to use the DingTalk stream video function as a host, you need to provide your ID number or complete the real person authentication by the means face scanning.
2. Device information: On the basis of the specific authorizations granted by you in installation and use of the software, we will receive and record information relating to the device used by you (e.g., device model, operating system version, device settings, unique device identifier and other information of software and hardware features) and the location of such device (e.g., IP address, GPS/Beidou location information, and any Wi-Fi access point, Bluetooth, base station and other sensor information).
3. Log information: When you use products or services provided by our DingTalk APP, website and、or DingTalk hardware, we will automatically collect detailed operation log information relating to your use of our services and save them as network logs, such as your searches with the APP, your IP addresses, types of browsers, telecommunication service providers, languages, visit dates and times, web pages visited by you, and status of the call by applying Dingtalk conference call and/or Voice message, your Approval log information, attendance log information, payment information, nail transaction log information and other within DingTalk App Center and any other operation log information.
Please note that the device information or log information alone is not sufficient to identify a certain natural person. If we combine such non-Personal Information with other information to identify certain natural person, or use the same in combination with Personal Information, then such non-Personal Information will be deemed as Personal Information during such combination, and we will anonymize and de-identify such Personal Information unless with your authorization or it is otherwise provided by laws and regulations.
4. Enterprise/organization Control Data
If you choose to open and manage the DingTalk Service as the administrator of the DingTalk enterprise/organization user, we will collect the information and data instructed by you upon the management by your enterprise/organization in the process of using DingTalk functions/applications (hereinafter referred to as "Enterprise/ Organization Control Data"). The Enterprise/ Organization Control Data may include:
- The position, subordinate department, main business, office mailbox account, office telephone and other information assigned to you by your organization, as well as the fingerprint map and feature, face recognition feature, face photo and geographical location and other sensitive information that you are required to provide or produce in order to complete the daily operation and management of the enterprise/organization, together with attendance information, approval records, journal information, calendar information, file information stored in the DingTalk Disk, etc.
- Your transaction information when using DingTalk Service or choose and purchase third-party application service so as to show you and facilitate your order management. For example, we will collect your transaction information if you as a DingTalk administrator in the APP Center, to buy third-party applications service.
- If the administrator of your enterprise chooses to open, manage and use the DingTalk unified contacts function by uploading organizational Structure, DingTalk smart work service and other digital networking service, you may need to provide your personal information of information assign by you company/organization as required by your company/organization, such as your identity information (name, identity card information, etc.), enterprise position information (department, position, grade), and the status letter of labor contract, your business and personal contact information (mobile phone, fixed telephone, mailbox), business and personal contact address (home address, office address), educational background information (school, profession, education), payroll bank card information, emergency contact information and/or external business contact card information, etc.
- if you choose to open, manage and use DingTalk education scenario related application service by the school, you need to provide your school students’ family contact information (name, mobile number, contact address), students’ identity information (name, face photo), class information (grade, class) and other information that school collected and uploaded, or other personal information that school instruct you to provide.
- Other data submitted by enterprise/organization users that contains your personal information, such as organization chart information (including job information, contact information, personal identity information of end users to an enterprise/organization, etc.)
You understand and agree that the enterprise/organization user are the date controller and/ or personal information controller of the above-mentioned Enterprise/ Organization Control Data. The DingTalk Company only opens, manages and uses the DingTalk Services to process your personal information/data according to the instruct of the enterprise/organization administrator on behalf of the DingTalk enterprise/organization user. Before uploading organization contacts or school class contact information, instructing DingTalk end user to submit personal information and external business contact information, the enterprise/organization user and its administrator shall ensure that they have obtained explicit consent of individual users in advance, and only collect the necessary end-user information for the purpose of enterprise/organization operation and management, and have been fully informed the purpose, scope and usage of end-user related data as collected.
5. Information provided by you
In the process of using DingTalk Service, you may actively contact us to give feedback on the experience of DingTalk products and services, help us better understand your experience and needs of using and improving our products or services, and we may record your contact information, your question and suggestion, etc. so that we may get back to you with our further feedbacks.
You can provide or order services for others through DingTalk Service and thus information of relevant personnel may be collected. Such as if you submit the enterprise/organization user for DingTalk enterprise/organization authentication process, in addition to submitting organizational documents such as enterprise name and business license certificate, you also need to submit the name and identity information of administrator and legal representative. You understand and agree that you need to ensure that you have obtained the authorization of the person concerned before providing us with the aforementioned personal information. If the aforementioned individual does not agree, we will not be held liable to the infringement of that personal information if any.
6. Information provided by third parties to us
We will collect your personal information when any other user makes any operation related to you, and from DingTalk’s s, partners or other lawful channels. For example, In order to complete the registration of your personal DingTalk account, you agree that the carrier will send SMS verification code to us based on your personal mobile number, otherwise, you will not be able to register the DingTalk account. In order to complete the receiving and sending of red envelops, group payment and business office payment service, we need Alipay to provide your Alipay account information (including nickname, head and account name) to complete the binding of Alipay account with the DingTalk APP. in order to protect your legitimate rights and interests, to guard against fraud, gambling and other risks and maintain DingTalk Services and pay related functions of safe and stable operation, we need to obtain the user identification information of the payment account you actually use from the third party payment institution.
If you are using iPhone or iPad, when you enable DingTalk Sport, you agree that we will request and receive your step information from Apple's HealthKit via DingTalk, otherwise you will not be able to use DingTalk Sport. Without your consent, we will not share your step information DingTalk received from Apple's HealthKit with any third party, including any advertisers and any other agents, and will not use HealthKit information for marketing, advertising and similar companies.
7. Customer service and dispute settlement
When you contact us or apply for after-sales and dispute settlement during sale, in order to ensure the security of your account and system, we need you to provide necessary personal information to verify your membership.
In order to contact you easily, help you solve the problem as soon as possible or record the solutions and results of relevant problems, we may keep your communication/call records and relevant contents (including account information, work order information, other information you provide to prove relevant facts, or contact information you leave), if you consult, complain or for advice, we will use your account information and work order information.
In order to provide services and improve service quality, we may also use other information about you, including the information you provided when you contacted customer service, and the information you sent us when you participated in the questionnaire.
8. Provide you with the public release function of comments, Q & A and other public information
You can publish information through the DingTalk colleague circle, DingTalk community, DingTalk Enterprise Square, announcement, comment, typical customer case, live broadcast and other information publishing functions provided by us, including publishing graphic / video / live content, link, publish evaluation and Q & A content as DingTalk users, and as the administrator of the third-party application service provider in DingTalk APP Center to release information about its goods and / or services. Please note that your publicly published information or content may involve your or others' personal information or even personal sensitive information, for example, you choose to upload pictures containing personal information when evaluating or making comment. Please consider more carefully whether to share or even publicly share relevant information or content when using DingTalk services. If the personal information of children is involved in the information you publish publicly, you need to obtain the consent of the corresponding child guardian before publishing.
9. Collecting information for providing you with security
In order to improve the security of your use of DingTalk services provided by us, our s and partners, protect your or other users or the public's personal and property security from infringement, better prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusion and other security risks, and more accurately identify violations of laws and regulations or DingTalk Service agreements and rules, We embed the application security SDK developed by our d companies in the application to collect your personal information, service use information, equipment information, service log information, and may use or integrate your member information, transaction information, and information authorized by you or shared by our d companies and partners according to the law to comprehensively judge your account and transaction risk and conduct Identity verification, detection and prevention of security incidents, and take necessary record, audit, analysis and disposal measures according to applicable laws.
In order to provide you with more convenient, high-quality and personalized DingTalk Services and strive to improve your good experience, we may collect and use your personal information in the following additional services provided to you. If you do not provide this information, it will not affect the basic services such as digital office, communication and collaboration, but you may not get the user experience that these additional services bring to you. These additional services include:
- additional service based on contact information: we will collect your contact information after you consent DingTalk to read your contact information, so that we can automatically recommend to your contacts who use DingTalk in your contact list so as to add DingTalk friend or to match or recommend possible colleagues to install and apply DingTalk for digital office experience.
- allow contact to write DingTalk official service number service: in order to ensure the experience, we will write the DingTalk official service number (official SMS, authorized service center, Ding message, conference code number) and the DingTalk office phone number applied by your enterprise organization in your local contact list upon your authorization to write the contact permission, so as to avoid you from receiving the DingTalk official number Service related notifications / information, or conference call invitation and access organized by your employer enterprise/organization.
- additional services based on camera: you can use this function to scan the code after turning on the camera / camera authority for face punch, real person authentication, live broadcast, photo shooting, and face recognition authorized by you in specific scenes. When you use the above functions for face recognition, we will collect your face photos or facial feature information, and use it strictly within the scope authorized by you. In the future, if we intend to use your facial information to provide you with other product and / or service functions, we will have your consent again.
- based on storage, additional services for photo / video access and upload of photo album (photo library / Video Library): you can use this function to upload your photo, picture or video after opening the permission of photo album, so as to change the personal head image in the DingTalk, communicate with single chat / group chat, publish community comments, share photos or videos, complete the certification of enterprise organization or communicate with customer service, or download voice / picture / video and other multimedia, etc. If you refuse us to obtain the permission, we will not be able to provide services for you.
- microphone based voice technology related additional services: you can use the microphone to achieve voice input function in single chat / group chat within DingTalk after turning on the microphone authority, or contact with customer service or realize voice interaction with customer service robot, or realize live broadcast function. Please be noted that even if you have agreed to turn on the microphone permission, we will only obtain voice information through the microphone when you actively click the microphone icon in the client or record video.
- calendar based additional services: after you enable our permission to read / write your calendar, we will collect your synchronized mail / Ali email schedule, mobile phone schedule and log schedule to create your schedule in the DingTalk for display in the DingTalk schedule function, manage the calendar information you created, schedule tasks and remind you of the relevant schedule.
- location permission: you can open your location permission (including geographic location permission or WiFi, Bluetooth identification range) to complete the attendance arranged by your enterprise organization.
- phone status permission: to ensure the security of your account and use, you need to authorize us to read the ID code of the machine. After rejection, the DingTalk will not operate normally due to security risks.
You understand and agree that the above additional services may require you to turn on the access rights of your location information (geographic location), camera, album and storage, microphone (voice), contact list, calendar and / or phone status in your device, so as to realize the collection and use of the information involved in these rights. You can view the status of the above permissions in "Settings -General Application permissions" of your device, “Me-Settings – Privacy” or “Me-Settings – General” of the DingTalk App, and you can turn them on or off at any time at your discretion. Please note that when you open any permission, you authorize us to collect and use relevant personal information to provide corresponding services for you. Once you close any permission, you cancel the authorization, and we will not continue to collect and use relevant personal information based on the corresponding permission, nor will we be able to provide corresponding services for you. However, your decision to close the permission will not affect the information collection and use based on your previous authorization.
You understand and agree that the DingTalk Service scenarios we provide to you are constantly updated iteratively. If we do not express the personal information you need to collect in the above scenarios, we will separately express the content, scope and purpose of information collection to you through UI prompts, interactive design and other ways, and obtain your consent.
If we stop operating DingTalk Services and any function thereof, we will timely stop collecting your Personal Information, and send you a 30 days prior notice of that and delete or anonymize your personal information held by us in accordance with applicable laws and regulations.
II. How we use Cookie or the like
To provide you with better user experience, when you use DingTalk products or services, we may collect and store data relevant with your visit to DingTalk service by employing various technologies. In this way, when you visit or revisit DingTalk service, we will be able to identify you and provide better and more services to you through analyzing the data. This will include verifying your identity through small data files, so that we will be able to understand your habits and help you avoid repeated input of account information or help assess the security of your account. These data files may be Cookie, Flash Cookie or other local storage provided by your browser or relevant applications (collectively, “Cookie”).
Please understand that some of our services are only available through use of “Cookie”. If permitted by your browser or additional browser services, you may change your acceptance level to Cookie or reject Cookie of DingTalk, but under certain circumstances, such rejection may render you unable to use certain functions of DingTalk which rely on Cookie.
III. How we share, transfer and disclose your Personal Information
We will not share your Personal Information with companies, organizations or individuals other than DingTalk Service Providers, except in the following circumstances:
1. Sharing with explicit consent: We will share your Personal Information with other parties with your explicit consent;
2. Sharing as required by laws: We may share your Personal Information as required by laws, regulations, litigation, dispute resolution, or by administrative or judicial authority in accordance with laws;
3. Sharing when you actively choose to share: only by sharing your personal information and personal sensitive information can you have the third-party products and services you require, For example:
4. Sharing to process infringement complaint. When a complaint is made by others against you of infringing upon intellectual property rights or other lawful interests, we need to disclose your information as necessary to the complainer for settlement of complaint;
5. Sharing with our s:In order to facilitate joint service on the basis of connected account, recommend the information that you may be interested in or protect personal and property safety of the s of DingTalk, other users or the public, your Personal Information may be shared with our s. We will only share necessary Personal Information (for example, in order to facilitate your use of the products or services of our with your DingTalk account, we will share your necessary account information with such ) and if we intend to share your Sensitive Personal Information or the changes the purpose of using and processing Personal Information, we will obtain your authorization and consent again.
6. Sharing with authorized partners: only for the purpose stated in this Policy, some of our services will be provided by us and authorized partners. We will only share your information for legal, legitimate, necessary, specific and clear purposes, and authorized partners can only access the information they need to perform their duties, and shall not be used for any other purpose, unless otherwise expressly agreed by you. For those involving children's personal information, we prohibit our partners from each and any sub-entrustment:
- sharing with suppliers, service providers and other partners. We may share your information to suppliers, service providers and other partners who support our DingTalk Services, including technical cooperation R & D services, DingTalk Services promotion and deployment services, customer service, payment service and other cooperation scenarios entrusted by us with our partners.
- We will carry out strict security inspection on the API and SDK of authorized partners to obtain your relevant information, and to achieve agreement with authorized partners on strict data protection measures so that they can process your personal information in accordance with our entrustment purpose, service description, this Policy and any other relevant confidentiality and security measures.
We will not transfer your Personal Information to any company, organization or individual, except in the following circumstances:
1. Transfer with explicit consent: We will transfer your Personal Information to other parties with your explicit consent;
2. In case of any acquisition, merger or insolvency liquidation, or other circumstances involving merger, acquisition or insolvency liquidation, of DingTalk Service Providers, if transfer of Personal Information is involved, we will require the new company, organization or individual in possession of your Personal Information to continue to be bound by this Policy, or we will require such company, organization and individual to obtain your authorization and consent again.
(III) Public disclosure
We will disclose your Personal Information to the public only under the following circumstances:
1. We may disclose your Personal Information to the public with your explicit consent or at your voluntary option;
2. If we determine that you have violated laws and regulations, or have a material breach of the agreements with or regulations of DingTalk, or we intend to protect DingTalk’s and its s’ users or the general public from damages to their personal and property safety, we may disclose your Personal Information in accordance with laws and regulations, or the agreements with and regulations of DingTalk after obtaining your consent, including the relevant violation and measures taken by DingTalk against you.
(IV) Exceptions to obtaining prior authorization and consent for sharing, transferring and disclosing Personal Information
Unless otherwise stated in a country specific addendum, your Personal Information may be shared, transferred or disclosed to the public without your authorization and consent under the following circumstances:
1. National safety and national defense security are involved;
2. Public security, public health, or major public interests are involved;
3. Criminal investigation, prosecution, judgment and enforcement are involved;
4. For the purpose of protecting your or other individual’s life, property and other major lawful rights and interests, where it is hard to obtain your or such individual’s prior consent;
5. The Personal Information is disclosed voluntarily by you to the public;
6. The Personal Information is collected from the information disclosed through lawful channels, such as lawful news reports or information disclosure by government.
Please be noted that pursuant to laws, sharing and transfer of anonymized data which cannot be recovered by the recipient to re-identify the subjects of such personal information does not constitute sharing, transfer and disclosure of personal information to the public, and therefore it may be stored and processed without notice to you and without your consent.
IV. How we protect your Personal Information
(I) Technical safety protection
In order to protect your information security, we have taken reasonable and feasible security protection measures in line with industry standards to protect your information from unauthorized access, public disclosure, use, modification, damage or loss of your personal information. For example, when your log un the DingTalk APP that exchanges data with the DingTalk server, it is protected by SSL protocol encryption; at the same time, we provide HTTPS protocol Safe Browsing mode for the DingTalk official homepage; we will use encryption technology to improve the security of your personal information; we will use trusted protection mechanism to prevent personal information from malicious attacks; we will deploy access control mechanism to try our best to ensure that only authorized personnel can access personal information; and we will hold security and privacy protection training courses to enhance our employees' awareness of the importance of protecting your personal information.
We have designated a special person to be responsible for the protection of children's information, strictly set the access rights of information, adopt the principle of minimum and sufficient authorization for the staff who may have access to children's information, and take technical measures to record and control the staff's handling of children's information, so as to avoid illegal copying and downloading of children's personal information.
(II) Safety system certification
DingTalk has established an industry-leading data security management system which centers on data and is implemented based on data life cycle, and has made efforts to improve the security of the entire system from multiple aspects, including organizational structure, system design, personnel management and product technology. Currently, our key information system has passed various certifications such as ISO27001:2013 information security management system certification，ISO27018:2014 public cloud personal identity information protection management system certification，SOC 2 Type 1 authentication (audit of three principles of security, confidentiality and Privacy)and network security level III protection authentication.
(III) Personnel safety management
We have also taken strict management on the employees or outsourcing personnel who may come into contact with your information, including but not limited to taking different rights control according to different positions, signing confidentiality agreements with them, monitoring their operation, etc. We will provide corresponding security measures according to the existing technology to protect your information and provide reasonable security. We will try our best to make your information not be leaked, damaged or lost. We will hold security and privacy protection training courses to enhance employees' awareness of the importance of protecting personal information.
(IV) Storage security
We will take reasonable and feasible measures to store your personal information and try our best to avoid collecting irrelevant personal information. We will only keep your personal information for the period required to achieve the purpose stated in the Policy and the period required by applicable laws and regulations. For example, according to the requirements of the E-commerce Law of the people's Republic of China, we will keep the trading of the specific third party service, service information and trading information of the charging application/service of the Third Party Service within the DingTalk APP Center for no less than three years from the date of completion of the transaction, and according to the requirements of the Network Security Law of the people's Republic of China, the DingTalk Service log information will be kept for no less than six months. Our criteria for judging the aforesaid period include:
1. Complete the service purpose related to you, maintain the corresponding service and business records, and respond to your possible queries or complaints;
2. Guarantee the safety and quality of our services for you;
3. Your agreement to have a longer retention period;
4. Whether there is any other special agreement on the retention period.
After your personal information exceeds the retention period, we will delete your personal information or make it anonymous according to the requirements of applicable laws. We will take reasonable and practical measures to avoid collecting irrelevant Personal Information to the maximum extent. We will retain your Personal Information only for the period necessary to achieve the purposes set forth in this Policy, unless it is necessary to prolong the retention period or permitted by law.
(V) Password protection
The Internet is not an absolutely secure environment. Please use a complex password when using the DingTalk Service to help us ensure the security of your account. We will do our commercial reasonable effort to ensure the security of any information you send us. If our physical, technical or management protection facilities are damaged, resulting in unauthorized access, public disclosure, tampering or destruction of your information, which resulting in damage to your legitimate rights and interests, we will bear the corresponding legal responsibility.
(VI) Handling of information security incidents
In case of personal information security incident, we will inform you of the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions that you can prevent and reduce the risk independently, and the remedial measures for you in accordance with the requirements of laws and regulations (no later than 30 natural days). We will inform you of the event by mail, letter, telephone, and push notice, etc., if it is difficult to inform the personal information subject one by one, we will take a reasonable and effective way to publish the announcement within DingTalk message or make an announcement at DingTalk official homepage (dingtalk.com). At the same time, we will also report the disposal of personal information security incidents the regulatory authorities according to relevant laws and regulations.
(VII) Children’s personal information security
We have formulated the emergency plan for children's information security incidents, and regularly organized the internal relevant personnel to carry out emergency response training and emergency drill so as to master the post responsibilities and emergency response strategies and procedures. After the unfortunate occurrence of children's information security incidents, we will timely inform the children and its guardians of the basic situation and possible impact of the security incidents, the disposal measures we have taken or will take, the suggestions that the children and their guardians can independently prevent and reduce risks, and the remedial measures for the children and their guardians, etc. in accordance with the requirements of laws and regulations. We will inform the children and their guardians of the incident in a timely manner by means of DingTalk APP push notice, email / SMS, etc. When it is difficult to inform one by one, we will issue relevant warning information in a reasonable and effective way. At the same time, we will actively report the disposal of children's information security incidents in accordance with the requirements of the regulatory authorities. If the legitimate rights and interests of children and their guardians are damaged, we will bear corresponding legal liabilities.
Given the fact that Internet environment is not completely secure, although we have those security measures in place, please bear in mind that there is no “perfect security measure” on the Internet, and we will use our commercial reasonable efforts to ensure the security of your information.
V. How do you manage your information
You can access and manage your information by:
(I) Inquire, correct and supplement your information
1. DingTalk enterprise/organizational users
As the administrator of the DingTalk enterprise/organizational users, you have the right to query, correct or supplement the information of your enterprise/organization. You can do it yourself by:
Open the DingTalk official homepage (dingtalk. com), select "enterprise/organization login" in the upper right corner, select the right enterprise/organization through the DingTalk scanning QR code, and log in to "DingTalk enterprise/organization management platform" (oa. dingtalk. com) by entering the password, then you can query and correct the enterprise/organization control data, including the organization chart information, invitation message settings, modification of login password, appointing more sub-administrator(s) and so on. You can also process to open or close DingTalk Services, Third Party Services or self-built service based on DingTalk through "Platform- Service Management".
2. DingTalk personal users
As a DingTalk personal user, you have the right to query, correct or supplement your information by:
- Log in to DingTalk APP, through the operation of "Me-Settings-My Profile ", you can query and correct your personal information such as profile picture, nickname, phone number, work status, work file, gender, birthday, region and other information, and complete personal real person authentication (face entry or ID card information).
- Log in to the DingTalk APP, select “My Customer Service- DingTalk Aide” (7 * 24 hours) to help you query, correct or supplement your information.
(II) Delete your information
You can delete part of your information by the way listed in "(I) inquire, correct and supplement your information" above.
You can request us to delete your personal information in the following circumstances:
1. If we deal with personal information in violation of laws and regulations;
2. If we collect and use your personal information without your explicit consent;
3. If our handling of personal information seriously violates the agreement with you;
4. If you no longer use DingTalk Services, or you actively cancel the DingTalk account;
5. If we terminate to provide you with DingTalk Services.
If we decide to respond to your information deletion request, we will also notify the subject who obtains your personal information from us as much as possible and ask them to delete it in time (unless otherwise specified by laws and regulations, or these subjects have obtained your authorization independently).
When you or we assist you in deleting the relevant information, we may not be able to delete the corresponding information from the backup system immediately due to the applicable laws and security technologies. We will store your personal information securely and isolate it from any further processing until the backup can be cleared or anonymous.
(III) Change the scope of your authorization and consent
- As an DingTalk enterprise/organization administrator user, you can login the DingTalk official homepage, select "enterprise/organization login" in the upper right corner, select the enterprise/organization through DingTalk scanning QR code, log in to "DingTalk Management Platform" by entering the password, then you can process to open or close DingTalk Services, Third Party Services or self-built service based on DingTalk through "Platform- Service Management".
- As a DingTalk personal user, you can log in to DingTalk APP by “Me-Settings-Privacy” to process or withdraw your authorization consent, for example, you can withdraw your authorization of "Find me by Phone Number”.
When you withdraw your consent, we will not process the corresponding personal information. However, your decision to withdraw your consent will not affect the personal information processing based on your previous authorization.
(IV) Cancel your account
When your enterprise/organization process to deregister DingTalk enterprise/organizational account through its administrator, we will anonymize or delete your personal information relating to the enterprise/organization, while your personal information as a separate individual DingTalk personal user will be maintained in case you are still using DingTalk Service; otherwise, should you deregister your personal DingTalk account, We will anonymize or delete your personal information pursuant to applicable laws and regulations.
- For the cancellation of DingTalk enterprise/organization account, you as the DingTalk enterprise/organization administrator, can log in to the latest version of DingTalk APP by the process of “Me-Settings-My Organization” to choose the right enterprise or organization and to “more-Disband Organization” to cancel the DingTalk enterprise/organization account.
- For cancellation of DingTalk personal account cancellation, you can log in to the latest version of DingTalk APP by the process of “Me - Settings - Security Center - Account settings – Delete DingTalk Account” to cancel your personal DingTalk account.
- You can also log in the DingTalk APP to select “My Customer Service- DingTalk Aide” (7 * 24 hours) to help you apply for cancellation of your account.
After you actively cancel your account, we will stop providing you with DingTalk Services, delete your personal information according to the requirements of applicable laws, or make it anonymous.
(V) Automatic decision making of constraint information system
In some of DingTalk Service functions, we may only make decisions based on non-manual automatic decision-making mechanisms such as information systems, algorithms, etc. If these decisions significantly affect your legitimate rights and interests, you have the right to ask us to make an explanation, and we will also provide a method of appeal on the premise of not infringing the nail trade secret or other users' rights and interests, social and public interests.
(VI) Respond to your above request
For security, you may need to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.
We will reply within 15 days. If you are not satisfied, you can also send a complaint through DingTalk customer service by online or hotline service.
In principle, we will not charge you for your reasonable requests, but we will charge you for repeated requests beyond the reasonable limit. We may reject requests for information that is not directly related to your identity, for unprovoked duplication of information, or that require too many technical means (for example, the need to develop new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are impractical.
We will not be able to respond to your request in accordance with laws and regulations in the following cases:
1. Related to national security and national defense security;
2. Related to public safety, public health and major public interests;
3. Related to criminal investigation, prosecution, trial and execution of judgment;
4. There is sufficient evidence that the subject of personal information has subjective malice or abuse of rights;
5. Responding to your request will cause serious damage to the legitimate rights and interests of you or other individuals or organizations;
6. Involving the business secrets of the DingTalk Service Provide and/or DingTalk enterprise/organization users.
VI. Protection of minors
By using DingTalk Services for mobile office, communication and collaboration activities, we presume that you have corresponding civil capacity. If you are a child, we ask you to have your parents or other guardians to read this Policy carefully before using our DingTalk Services or provide us with information with the consent of your parents or other guardians.
In the case of collecting children's personal information by using DingTalk Services with the consent of parents or other guardians, we will only use, share, transfer or disclose this information when permitted by laws and regulations, expressly agreed by parents or other guardians or necessary for the protection of children.
If you are the parent or other guardian of the child, please pay attention to whether the child under your custody to use our DingTalk Services after obtaining your authorization and consent. If you have any questions about your child's personal information, please contact us through the contact information in Section 9 of this Policy.
VII. How we store and transfer Personal Information outside your country
Your Personal Information collected by our operating of DingTalk Service within P.R.China shall be stored at DingTalk servers locate within mainland China, and your Personal Information collected from overseas DingTalk user by using DingTalk shall be transferred back to and stored at DingTalk servers locate at Singapore, your understand and consent to such transfer or otherwise you cannot use the DingTalk products and service we applied. Under this circumstance, we undertake to protect your personal information with same industry level of security.
VIII. How we update this Policy
Our Policy may change from time to time. Without your explicit consent, we will not reduce and/or restrict the rights you are entitled to under this Policy. We will publish any change to this Policy on DingTalk official homepage at www.dingtalk.com and, if changes are significant, prominent, we will also provide a more prominent notice (including using DingTalk to collect opinions and make publicity, or by providing you notice with popup window within DingTalk official homepage).
Significant changes to this Policy are included but not limited to the follows:
1. our service pattern changes greatly. Such as the purpose of dealing with DingTalk user’s personal information, the type of processing your personal information, and the way of using your information, etc.;
2. our control and organization structure changed greatly, such as the change of controller by merger and acquisition, etc.;
3. our DingTalk user’s Personal Information sharing, transfer or public disclosure main target change;
4. Your right to participate in the processing of personal information and the way you exercise it have changed significantly;
5. our internal department charging the security, its contact information, and complaints channels change;
6. any DingTalk user information security impact assessment indicates that there is a high risk.
We will also archive the old version of this Policy on the DingTalk homepage for your reference.
IX. How to contact us
If you have any questions or concerns about this Policy and/or data processing of DingTalk, you may contact us via “Mobile APP-Me- Help- My Customer Services- DingTalk Aide” or “[DingTalk APP-Me-Help-My Customer Services-DingTalk Aide] or [email@example.com].", or we can be reached within following contact:
Addressee: DingTalk Data Protection Office
Address: No. 959 Gaojiao Road, Hangzhou, Zhejiang, China, 311100.
Generally, we will revert to you upon the receipt of your query and verify within fifteen (15) working day.
1. Legal Basis for Processing Personal Data
Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.
However, we will normally collect Personal Information from you only (i) where we need the Personal Information to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).
If we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided below.
2. Safeguards for Data Transfers
However, if you are a resident of the EEA, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Policy. These include implementing the European Commission’s Standard Contractual Clauses for transfers of Personal Information between our group companies, which require all group companies to protect Personal Information they process from the EEA in accordance with European Union data protection law.
3. Retention Periods
We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
4. Data Protection Rights
If you are a resident of the European Economic Area, you have the following data protection rights:
- If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by contacting us using the contact details provided below.
- In addition, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us using the contact details provided below.
- You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided below.
- Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.
As otherwise defined in this Policy, the data controller of your Personal Information is [DingTalk (Singapore) Private Limited].
6. EU representative
We have appointed Alibaba (Netherlands) B.V. as our representative in the EU. Contact person: Michelle Li (firstname.lastname@example.org).
1. Personal Data
2. Compliance with Laws
We shall comply with the APPI.
3. Transfer of Personal Data
- based on laws and regulations;
- in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent;
- in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent; and
- in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs.
4. Disclosure of your Personal Data
If you would like to request the disclosure of your Personal Data (subject to our rights at law), please email to email@example.com.
No request for disclosure shall be accepted in any of the following cases where:
- there is a possibility of harming a relevant individual or third party's life, body, fortune or other rights and interests;
- The disclosure may significantly disturb appropriate implementation of our business operations; or
- The disclosure violates any other laws and regulations.
In such cases, we will send a notification with the reason for non-disclosure.
These additional disclosures are required by the California Consumer Privacy Act (“CCPA”). If you live in California, you are entitled to request access to, deletion, and portability of your information or more information about our information practices.
We provide you certain rights to request access to the information we have collected and deletion of that information. We will not charge you different prices or provide different quality of services unless those differences are related to your information or otherwise permitted by law. Please submit your request by sending us an email to firstname.lastname@example.org. Once we receive your request, we may verify it by requesting information sufficient to confirm your identity, including by asking you to verify information about your use of DingTalk. If you would like to use an agent registered with the California Secretary of State to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
Personal Information has the meaning set out in the Australian Privacy Act 1988 (Cth) (Privacy Act).
2. Compliance with the Privacy Act
DingTalk (Singapore) Private Limited is collecting your personal information for the purposes of providing you with DingTalk’s services. If you do not provide us with your personal information we may not be able to provide you with these services. We may disclose your information to third parties (e.g. our related companies or third parties who provide goods and services to us). Some of these third parties are located in the China, Singapore, Hong Kong and the US.
3. Definition of Children (Minimum Age to Register with DingTalk)
Children in Australia refer to minors under the age of 15.
5. Questions, Comments or Complaints
If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner.