DingTalk Certified Enterprise Organization Service Agreement

                                                                    Version: Jan 25, 2022

 

Thank you for using the DingTalk Certified Enterprise Organization Service.

Note: Before using the DingTalk Certified Enterprise Organization Service (hereinafter referred to as the "Service"), you shall, as an administrator of DingTalk’s certified enterprise organization users (hereinafter referred to as "Certified Users"), read carefully and comply with the DingTalk Certified Enterprise Organization Service Agreement (hereinafter referred to as this "Agreement"), and ensure Certified Users' in-service/on-duty employees comply with this Agreement. Please carefully read and fully understand all clauses herein, especially those concerning exemption or limitation of liability, and dispute resolution and governing law. The exemption or limitation of liability clause may be highlighted in bold to draw your attention.

By entering the required information as prompted on the DingTalk enterprise organization certification page, reading and agreeing to the terms and conditions of this Agreement, and completing the whole enterprise organization certification process, or actually using the Service in any other way permitted by DingTalk, you are deemed to have fully read, understood, and agreed to all the content hereof on behalf of Certified Users, in which case this Agreement becomes legally binding. You shall then not claim this Agreement to be invalid or request for the revocation of this Agreement on the grounds of not reading the content of this Agreement or not obtaining DingTalk's answers to your inquiries.

Important note: The Service is designed for Certified Users, DingTalk enterprise organization administrators who are authorized by Certified Users to act on their behalf (hereinafter referred to as "Administrators"), and Certified Users' in-service/on-duty employees who are invited by Administrators to join DingTalk enterprise organizations as End Users (hereinafter referred to as "End Users") so as to enable the Certified Users to achieve their enterprise organizations' purposes and needs in HR management, operation content control, and information security control, to use the Service for online mobile working, communication and collaboration, and digitize organization and business.

 

1. Definitions

1.1 "DingTalk Enterprise Organization User" refers to an enterprise organization that only authorizes an Administrator to create the DingTalk enterprise organization structure on behalf of the enterprise organization, and invite End Users to download the DingTalk application and register DingTalk accounts or configure exclusive accounts for End Users, and then authorizes the Administrator to configure, activate, manage, and use the DingTalk office application for online mobile working, communication and collaboration. DingTalk Enterprise Organization Users consist of certified enterprise organizations and non-certified enterprise organizations, including but not limited to legal persons, government agencies, other organizations, partnerships, individual businesses.

1.2 "DingTalk Enterprise Organization Certification Service" refers to a service that qualified DingTalk Enterprise Organization Users can use to apply for the DingTalk enterprise organization certification by submitting relevant documents and information on the DingTalk office automation (OA) platform (oa.dingtalk.com) (hereinafter referred to as the "OA Platform"). DingTalk will review or authorize a third-party institution to review the applications and determine the certification results and the service for the certification information based on the review results.

1.3 "DingTalk Certified Enterprise Organization User" or "Certified User" refers to a DingTalk enterprise organization that is certified by DingTalk or its authorized third-party institution upon approval of its application for the DingTalk enterprise organization certification submitted by the enterprise organization and its Administrator or legal representative. For a Certified User, DingTalk will, according to the qualification documents submitted by the User, determine the Certified User's certification account name, clarify the identity of legal person or non-legal person (i.e., "displaying the business license"), generate certification marks and certification information, and activate the exclusive benefits for the Certified User. For the avoidance of doubt, DingTalk has the right to unilaterally decide to carry out annual review or re-certification of Certified Users. If a Certified User changes its certification information, it shall apply to DingTalk for certification change.

1.4 "DingTalk Enterprise Organization Administrator" or "Administrator" refers to an administrator who, upon authorization or designation by a DingTalk Enterprise Organization User, has the system operation permissions for the DingTalk enterprise organization user management platform to activate, manage, and use the Service on behalf of the enterprise organization user, such as the permission to manage the address book and members of the enterprise organization, perform the operations and configuration related to the OA Platform (e.g., sub-administrator setting, End Users management), and, on behalf of the enterprise organization, activate and manage third-party applications, confirm and sign DingTalk's corresponding online agreement, cancel the enterprise organization, etc. The Administrator may be one or more people.

1.5 "Enterprise Organization End User" or "End User" refers to an individual DingTalk user who joins a Certified User upon invitation from the Administrator, voluntary application, or invitation from a member of a Certified User and with the consent of the Administrator. When you are invited by a DingTalk Enterprise Organization User to access its work platform as an End User, you can choose whether to join it or not.

1.6 "Enterprise Organization-Controlled Data" refers to the information and data submitted or generated by a DingTalk Enterprise Organization User and its End Users during their use of the Service, including the information that the DingTalk Enterprise Organization User and its Administrator submit or require its End Users to submit, the information assigned by the DingTalk Enterprise Organization User to its End Users, and the information submitted by the End Users to the DingTalk Enterprise Organization User to meet the latter's work requirements and daily management needs. For specific provisions on Enterprise Organization-Controlled Data, see the Enterprise Organization-Controlled Data section of the DingTalk Privacy Policy.

1.7 "Personal Information Processor" refers to an organization or individual that has the right to decide the processing purpose and method of personal information, etc. when a Certified User uses the Service for online mobile working, communication and collaboration. The Personal Information Processor of an End User related to the Service hereunder shall be a DingTalk Enterprise Organization User. DingTalk, as a fiduciary for processing Enterprise Organization-Controlled Data that is uploaded, entered, transmitted, stored, shared, or generated when the Administrator and End Users use the Service for online mobile working, communication and coordination, is authorized to collect, store, use, process, transmit, provide, disclose, delete, or otherwise deal with the Enterprise Organization-Controlled Data (including the personal information of End Users) according to the operation, configuration and other instructions by the Administrator.

 

2 Contracting Parties

2.1 This Agreement is entered into in Yuhang District, Hangzhou City by and between DingTalk and Certified Users and their Administrators and End Users with respect to the download, installation, use, and reproduction of the software and the use of the Service. The aforesaid Certified Users and their Administrators and End Users are hereinafter referred to collectively as "you".

2.2 The providers of the Service include DingTalk (China) Information Technology Co., Ltd., DingTalk Technology Co., Ltd., and other related companies, including Alibaba Cloud Computing Co., Ltd., which provides cloud storage services, and Alipay (China) Network Technology Co., Ltd., which provides Alipay services related to money collection and payment, and its affiliated companies. For details of the affiliated companies related to the providers of the Service (collectively as "DingTalk", "we", or "us"), please refer to the company information disclosed in the latest annual financial report of listed companies of Alibaba Group Holding Limited at: http://www.alibabagroup.com/cn/ir/secfilings.

 

3 Content and Effect of this Agreement

3.1 Content of this Agreement This Agreement comprises the body hereof and all policies, rules, statements, notices, warnings, reminders, and instructions that have been or will be published (hereinafter referred to as the "Rules"), including the DingTalk Services Agreement, the DingTalk Privacy Policy, the DingTalk Convention, the DingTalk Regulations on Enterprise Organization Certification, the DingTalk Regulations on Illegal Information Handling, etc. The aforesaid Rules are an integral part of this Agreement and have the same legal effect as this Agreement.

3.2 Effect of this Agreement DingTalk has the right to update or modify this Agreement and related rules from time to time as needed. We will notify you seven (7) day in advance by announcement through the OA Platform, the DingTalk client (My - Settings - About DingTalk), or the DingTalk official website (dingtalk.com) of such update or modification (if any), which will take effect when the announcement period is over. If you do not agree to such update or modification, you shall immediately stop using the Service. If you continue to use the Service or carry out any website activities, it shall be deemed that you have agreed to such update or modification.

 

4 Content and Scope of the DingTalk Certified Enterprise Organization Service

4.1 DingTalk enterprise organization certification services

4.1.1 DingTalk enterprise organization certification Based on the application for DingTalk enterprise organization certification submitted through the OA Platform by the Administrator, DingTalk will require you to submit relevant documents and information on behalf of the enterprise organization based on the DingTalk online enterprise organization certification type you select, review or authorize a third-party institution to review the application, and determine the certification results and the service for the certification information based on the review results. DingTalk will only review and verify the submitted documents and information in a reasonable and prudent manner. You shall provide relevant documentary evidence for the authenticity, lawfulness, and accuracy of the aforesaid documents and information, as well as a warranty against the defects thereof. For the avoidance of doubt, DingTalk will only review the certification application within its legal authority and reasonable capability, and will not provide any warranty for the applicant's real identity, qualifications, business operation, etc. For details of the DingTalk enterprise organization certification, see the DingTalk Regulations on Enterprise Organization Certification.

4.1.2 DingTalk enterprise administrator authentication You need to complete the DingTalk real-person authentication using an administrator account according to the following steps: Log in to the DingTalk client, choose Settings > My Information > DingTalk Real-Person Authentication, and complete the authentication according to the corresponding process and authorization of personal information/sensitive personal information. You may exercise the administrator permissions and use the Service on behalf of the enterprise organization only after you complete the authentication.

4.2 DingTalk Certified Enterprise Organization Service

4.2.1 "DingTalk Certified Enterprise Organization Service" refers to a service where the Administrator creates the DingTalk enterprise organization structure on behalf of a Certified User, invites the members of the enterprise organization to download the DingTalk application and register as End Users, and then configures, activates, manages, and uses the DingTalk office application, so as to achieve the digital transformation. It includes but is not limited to the following services:

 (1) Corporate address book, in which the Administrator imports an enterprise organization's address book and invites End Users to create a DingTalk enterprise organization.

 (2) Protection against certification application from namesake organizations, which means, a Certified User will be hightlighted with a certification mark, and any namesake organization is not allowed to file the certification application.

 (3) App market, where third-party apps (including micro-applications and mini programs) can be distributed upon review and approval. The market allows Administrations and End Users to purchase or activate any third-party apps or in-app services based on their actual needs. The apps in the market are provided by their respective developers, which assume full responsibility for the authenticity, legality, and validity of the service information, content, and data, as well as their operation behavior, etc. DingTalk only serves as a provider of technical services.

 (4) Online mobile working, communication and collaboration services and other standard services, such as address book creation and management, instant messaging (private chat or group chat among organization members), audio and video conference, intelligent HR management (roster, employment, job transfer, resignation, attendance, etc.), intelligent office applications (review and approval, forms, and logs), Ding Mail, DingTalk Documentation (online editing and knowledge base), Corporate Ding Drive, service window, Ding badge, and other cross-enterprise/organization communication, collaboration, and other functions, applications, or services.

 (5) Paid value-added services, including Ding message package, conference call package, group expansion, and Ding Drive space expansion. The Administration of an enterprise organization can purchase these services based on its actual needs, so that its End Users can use the services for free.

 (6) Paid exclusive services, such as exclusive data API, exclusive packaging, services bound with exclusive accounts, exclusive data storage, exclusive security, and exclusive audit.

 (7) Intelligent hardware services, such as intelligent front desk, intelligent clock-in/out, intelligent access control, intelligent routing, intelligent printing cloud boxes, etc., which should be used in combination with DingTalk's intelligent software services.

 (8) Other benefits, such as exclusive skins, exclusive workbench features, and commercial kits.

4.2.2 The DingTalk Certified Enterprise Organization Service may be updated or modified based on the changing user needs due to different service versions or unilateral judgment of the service providers.

4.2.3 For the avoidance of doubt, Certified Users' digital office services do not include those that any other third party provides to you through the above-mentioned webs or DingTalk client, such as any application, mini program, H5 page, etc. created through relevant APIs of the DingTalk Open Platform, self-developed application, integrated application, and other services that provide services through third-party SDKs or by calling third-party APIs (collectively, the "Third-party Services"), e.g., third-party apps that are activated by Administrators through the DingTalk app market, money collection/payment/transfer, red packets and other payment-related functions achieved through the personal Alipay (e-wallet) and corporate office payment functions in the DingTalk client, and other services that are provided by using the DingTalk smart office phone (dual call function), DingTalk sticker services, etc.

4.3 OA Platform feature management

You, as an Administrator authorized by a Certified User, have the right to perform the following operations on behalf of the Certified User through the OA Platform:

 (1) Set up the organizational structure of the Certified User, manage its members, and manage the address book and set how it is displayed;

 (2) Activate, configure, and manage the Service, third-party application services, and other applications developed by the Certified User through the OA Platform;

 (3) Perform intelligent personnel management, including upload or entry of roster-related information, employee care, and management of onboarding process, process of becoming a regular employee, contract signing, resignation, and vacation;

 (4) Purchase value-added services for End Users;

 (5) Check the usage of purchased service package;

 (6) Configure the enterprise homepage; and

 (7) Use other services provided on the OA Platform.

Certified Users understand and agree that the settings configured and operations performed by Administrators on the relevant pages shall be deemed as the acts of the Certified Users. If Certified Users have any objections thereto, they shall address the authorization of relevant Administrators on their own, configure the corresponding permissions for Administrators, or contact DingTalk in time to reset any improper operations performed by the Administrators. Unless otherwise provided by law, DingTalk will not assume any liability to any Certified User for the authorization between the Certified User and its Administrator or the actual settings configured and operations performed on the OA Platform.

4.4 DingTalk platform services

4.4.1 Certified Users can independently develop or entrust third-party application service providers/developers to develop applications (including E applications, mini programs or H5 applications) through the existing APIs, SDKs, open documents, and sample code, etc. on the DingTalk Open Patform, or integrate their existing internal office applications to the DingTalk platform, so that their End Users can use them for online mobile working, communication and collaboration. Administrators can also choose to purchase third-party applications (including in-app services) available on the DingTalk Open Platform or the DingTalk app market.

4.4.2 For all the applications mentioned in 4.4.1, DingTalk only provides technical support, the Certified Users shall be solely liable for these applications, and the third-party application service providers shall be solely liable for the authenticity, legality, and validity of the service information, content, and data and their business operation.

4.5 Entrusted data processing

4.5.1 Entrusted processing of the Enterprise Organization-Controlled Data. For the DingTalk Certified Enterprise Organization Service activated and used by Certified Users and Administrators, DingTalk will, based on the uploading, configuration, activation, setup, publishing, transmission, storage, sharing, deletion, withdrawal, and cancellation conducted by the Administrators and other operations and instructions performed by the Administrators on behalf of their Certified Users, collect, store, use, process, transmit, provide, disclose, and delete the Enterprise Organization-Controlled Data submitted or generated by End Users during the use of DingTalk related functions/applications, including uploading, releasing, transmitting, storing, sharing, withdrawing, or deleting all data (including the personal data of the End Users), software, devices, text, images, videos, audio files, photos, third-party applications, information, and materials on DingTalk in any format.

4.5.2 Entrusted processing of personal information of End Users. With regard to the personal information of End Users involved in the Enterprise Organization-Controlled Data, the Certified Users and their Administrators understand and agree that:

 (1) Entrusted processing DingTalk will be entrusted to process information, data, and materials that are uploaded, published, transmitted, stored, shared, and withdrawn by End Users during the use of the Service for online mobile working, communication and collaboration, as well as other personal information of End Users that is generated during the use of the Service. A Certified User, based on the necessity of concluding or performing a contract, to which an End User is a party, with the End User, or the necessity for implementing human resources management through legally established labor rules and regulations and a collective contract legally signed with an End User, has the right to process the personal information of the End User as an individual processor, and entrust DingTalk to process the personal information of the End User only according to the purpose and scope of activation, management, and use of the Service for online mobile working, communication and collaboration, and based on reasonable necessity.

 (2) Restrictions on processing of the information of End Users DingTalk will, only for the purpose of realizing a digital office for DingTalk enterprise organizations, collect, store, process, transmit, and share the Enterprise Organization-Controlled Data during the existence of DingTalk enterprise organizations based on the way in which the Service is realized. Without the consent of Administrators, DingTalk will not authorize any third party to process the Enterprise Organization-Controlled Data.

4.5.3 For the avoidance of doubt, Certified Users and their Administrators are the processors of the personal information of End Users in self-developed applications and other third-party applications, and DingTalk only provides technical services for Certified Users and third-party service providers, and will not assume joint and several liability for third-party application service providers' processing of the information of End Users.

 

5 Account and Management

To access and use fully functional DingTalk personal services and DingTalk enterprise organization services, you can log into and use DingTalk through your own DingTalk account (created using your mobile number), a third-party account authorized by DingTalk, or an exclusive account configured by the enterprise organization.

5.1 Individual DingTalk account

5.1.1 Administrators and End Users can create a DingTalk account using their personal mobile number and verification code. DingTalk will set administrator accounts as enterprise accounts by default, and organization members will, upon authorization, become the End Users of a Certified User by activating their DingTalk account using their mobile number and verification code after accepting the invitation from the Certified User. An administrator account has the right to manage non-administrator accounts under its enterprise account. If your account is an enterprise account, we have reason to believe that you have signed with your business or organization and are bound by the corresponding service agreements and privacy policies or other agreements or rules of the same or similar nature, and we do not have any obligation to resolve and shall not be held liable for any disputes arising therefrom.

5.1.2 You shall submit authentic, accurate, and complete identity and other relevant information that reflect the current situation during account registration. You undertake that the information, such as the account name, avatar, and profile, that you use for registration shall not contain any illegal or inappropriate information; and that you shall not register a DingTalk or Ding account by pretending to be someone else, or for someone else without authorization, or in a way that may mislead other users, nor use a username that may infringe upon the rights and interests of others (including but not limited to alleged infringements upon trademarks or reputation rights), otherwise DingTalk has the right to reject your application or cease providing services to you and revoke your DingTalk or Ding account, and you shall assume all losses arising therefrom.

5.1.3 The registered DingTalk accounts (including client account and service management account) shall vest in DingTalk. After the accounts are registered, Administrators and End Users will have the right to use the accounts. The right to use a DingTalk account shall vest in its initial registrant only, and such DingTalk account shall not be transferred or provided to others for use in any way, otherwise DingTalk has the right to revoke the account immediately without notice, and the Administrator and the End User shall solely bear the losses arising from the deletion, loss, etc., of all data and information generated during your use of the Service.

5.1.4 If you fail to log into your DingTalk account for more than twelve (12) months after the registration of the account, DingTalk has the right to revoke the account for management optimization or other purposes.

5.1.5 For the avoidance of doubt, if you log into DingTalk via a third-party platform account authorized by DingTalk for login to the DingTalk platform (e.g., an Alipay account), such third-party platform shall be responsible for managing the account information, including the user ID and password used for creating the account. We do not assume any responsibility for the information of the account. For any dispute arising from a third-party account, please contact the third-party account service provider, but if the account is involved in data breach or is stolen, you can contact us to suspend or terminate the account. If you log into and use DingTalk via a third-party account authorized by DingTalk, in addition to the corresponding service agreement and privacy policy of the third-party service, you shall abide by this Agreement and other DingTalk platform rules, including the DingTalk Privacy Policy, the DingTalk Convention, the DingTalk Regulations on Enterprise Organization Certification, and the DingTalk Regulations on Illegal Information Handling. Otherwise, you shall revoke your authorization and stop using the Service.

5.2 Exclusive accounts of enterprise organizations

5.2.1 Based on HR management and information security control, Certified Users can configure exclusive accounts, or SSO accounts, for their End Users to facilitate online mobile working, communication and collaboration. The exclusive accounts shall vest in the Certified Users. Administrators have the right to manage the exclusive accounts on behalf of the Certified Users, including but not limited to configuring the exclusive accounts, viewing the logon information and data security of the exclusive accounts, and disabling, blocking, or deleting the exclusive accounts.

5.2.2 The exclusive accounts are for office use only. An End User can create an internal group through such exclusive account, add friends within the organization, and use internal DingTalk documents and knowledge bases (collectively, the "Use Behavior within the DingTalk Organization"). When you use such exclusive account for external communication and coordination (including but not limited to adding external contacts, and creating/joining external groups) or use information publishing features (including but not limited to Look and Circle) (collectively, the "Use Behavior out of the DingTalk Organization"), administrator accounts and End Users need to complete the DingTalk real-name authentication for their exclusive accounts, otherwise you cannot perform the Use Behavior out of the DingTalk Organization. If you no longer use the exclusive account, you may delete it by yourself or contact the Administrator to delete the real-name authentication information of the exclusive account.

5.3 Permissions and responsibilities of different accounts

5.3.1 Permissions and responsibilities of administrator accounts

5.3.1.1. An administrator account is an enterprise account representing an enterprise organization form. The Administrator shall ensure that they have obtained the full authorization of a DingTalk Enterprise Organization User and can act on behalf of the DingTalk Enterprise Organization User. We have reason to believe that you have signed with your business or organization and are bound by the corresponding service agreements and privacy policies or other agreements or rules of the same or similar nature, and we do not have any obligation to resolve and shall not be held liable for any disputes arising therefrom.

5.3.1.2 The operations, behaviors, and instructions performed under an administrator account will be created by default by the Administrator on behalf of its enterprise or other legal entity or be construed as the actual use of the Service in any other manner permitted by DingTalk. An administrator account has the right to manage the End Users of the non-administrator account of the enterprise, including selecting an End User and setting it as a sub-administrator, and setting and selecting a check-in method for the End Users.

5.3.1.3 Administrators represent and warrant:

1) When inviting organization members to the DingTalk Enterprise Organization Users for online mobile working, communication and collaboration, they shall ensure that they have fully explained to the organization members the legal basis, such as the necessity for concluding or performing a contract to which an individual is a party, or for implementing HR management in accordance with the legally established labor rules and regulations and the legally signed collective contract, so that End Users can use the Service through their own DingTalk accounts or exclusive accounts.

2) They shall keep confidential the trade secrets of enterprises available to them during the use of the Service, and protect the personal information, privacy, and other rights and interests of End Users.

3) They shall guarantee the confidentiality of administrator accounts and the security of login information of the OA Platform, and shall not transfer or provide the administrator accounts to others in any way.

If you apply for an administrator account or a sub-administrator account as a DingTalk Enterprise Organization User, you shall add, specify, or change a management member and/or a sub-administrator, and be liable for the behavior of the management members. The behavior of your administrator/sub-administrator account may lead to DingTalk's adjustment of the services for the members of your enterprise organization, and you shall be liable for the consequence thereof, and indemnify DingTalk or others against any losses arising therefrom.

5.3.2 Permissions and responsibilities of exclusive accounts

If a Certified User activates and uses exclusive accounts, the Certified User and its Administrator understand and agree:

5.3.2.1 Control of exclusive accounts An exclusive account is controlled and owned by the Certified User. The Administrator has the right to manage the exclusive accounts on behalf of its enterprise organization, including but not limited to configuring exclusive accounts for End Users, viewing the login information and data security of the exclusive accounts of End Users, and unilaterally disabling, blocking, or deleting the exclusive accounts of the End Users.

5.3.2.2 Information security control A Certified User has the right to strengthen the information security of exclusive accounts through SDKs, mini programs, and self-developed applications, release an information security control system, and authorize an Administrator to take the responsibility for information security control on behalf of the Certified User, including but not limited to information security restrictions, such as prohibiting or withdrawing released documents and information under the exclusive account according to the severity of violation of laws, regulations, and disciplines, prohibiting contacts or organizations from being added, deleting contacts or organizations, or prohibiting screenshots and downloads, restricting logins, freezing accounts, and restricting part or all of the functions.

5.3.2.3 Content regulation and control A Certified User has the right to manage any content (e.g., avatar, name, user description, or logs, notices, comments, replies and other information or content written, sent or forwarded by text, voice, picture, video, etc.) generated, produced, reproduced, released, or disseminated during the use of the exclusive account by the End Users within its organizational structure, including warning End Users against infringement upon the legitimate rights and interests of other users or third parties. If you, as a Certified User or an Administrator, find or receive reports or complaints from others that the content generated by an End User violates applicable laws, regulations, or employee code of conduct, you have the right to delete, block, or otherwise handle relevant content at any time without notice after verification, and deal with the exclusive account according to the severity of the violation, including but not limited to giving reminders or warnings, restricting or prohibiting part or all of the functions, disabling/deleting the account, and announcing handling results.

5.3.2.4 Processing of personal information A Certified User, based on the necessity of concluding or performing a contract, to which an End User is a party, or the necessity for implementing HR management through legally established labor rules and regulations and a collective contract legally signed with an End User, has the right to collect or process the personal information necessary for the login and use by the End User of an exclusive account, and authorize DingTalk to process the Enterprise Organization-Controlled Data and the personal information of its End Users for realizing the purposes hereof to the extent required by the Service.

5.3.3 Permissions and responsibilities of accounts for End Users

5.3.3.1. You acknowledge that when you complete the registration process or actually use the Service in a manner permitted by DingTalk, you should be a natural person, legal person, or organization with full capacity for civil rights and the capacity for civil conduct appropriate to your acts. If you do not qualify as the aforementioned entity, please do not use the Service, otherwise you and your guardian shall bear all the consequences arising therefrom, and DingTalk has the right to delete (or permanently freeze) your account, and claim compensation from you and your guardian.

5.3.3.2 You understand, agree, and undertake that the information, such as the account name, avatar, and profile, that you use for registration shall not contain any illegal or inappropriate information; and that you shall not register a DingTalk or Ding account by pretending to be someone else, or for someone else without authorization, or in a way that may mislead other users, nor use a username that may infringe upon the rights and interests of others (including but not limited to alleged infringements upon trademarks or reputation rights), otherwise DingTalk has the right to reject your registration application or to cease providing services to you and revoke your DingTalk or Ding account, and you shall assume all losses arising therefrom.

5.3.3.3 You understand and agree that the registered DingTalk accounts (including client account and service management account) shall vest in DingTalk, and after the accounts are registered, you only have the right to use the accounts. The right to use a DingTalk account shall vest in its initial registrant only, and such DingTalk account shall not be transferred or provided to others in any way, otherwise DingTalk has the right to revoke the account immediately without notice, and you shall solely bear the losses arising from the deletion, loss, etc., of all data and information generated during your use of the Service.

5.3.3.4 You understand and agree that if you fail to log into your DingTalk account for more than twelve (12) months after the registration of the account, DingTalk has the right to revoke the account for management optimization or other purposes.

5.4 Dissolution of enterprise organizations

When the dissolution of an enterprise organization is operated under an administrator account, we will, according to DingTalk's organization dissolution process, remind the Administrator that the Enterprise Organization-Controlled Data will irreversibly be deleted or anonymized after the dissolution, and delete the administrator account and all data, documents, information, and related benefits of the DingTalk Enterprise Organization User generated by the End Users within the organizational structure, including but not limited to terminating the service agreement signed with the enterprise, revoking the enterprise address book, canceling End Users' benefits offered by the DingTalk Enterprise Organization User, deleting all information in the administrator account, and deleting the data and information on the OA Platform. Please exercise caution when performing the dissolution operation.

 

6 DingTalk Platform Governance

You fully understand and agree that DingTalk only provides technical services concerning office digitization, communication and collaboration for customers, Administrators, and End Users, and that enterprise organizations, Administrators, and End Users shall be solely liable for their respective behavior during their use of the Service and the consequences arising therefrom. Accordingly, you shall understand that you may see/receive illegal or improper behavior/ information from others during your use of the Service, and you shall judge and act at your own risk. For Certified Users, DingTalk will perform its platform governance from the following three aspects:

6.1 Content compliance management

In terms of the Service, DingTalk will fulfill the following responsibility for managing the entities on the information content security platform in accordance with the law:

 (1). Develop and improve systems for user registration, account identity verification and management, information pre-release review, posts and comments review, layout and page management, real-time inspection, emergency response, and disposal of Internet rumors and illegal industry chain information.

 (2). Assign persons to ecological governance of network information content, staff the platform with professionals appropriate for the business scope and service scale, strengthen training and assessment to improve the quality of employees.

 (3). Strengthen information content management. If any Certified User, Administrator or End User is found or known to upload, transmit, disseminate, or spread illegal information through DingTalk, we will take corresponding measures immediately in accordance with the law, keep relevant records and report to the competent authorities concerned.

 (4). Set up accessible channels for public complaints and reports at prominent positions and promptly accept and deal with public complaints and reports and announce handling results.

 (5). Carry out content security control by warning, reporting, penalizing, and expelling violators.

The information content herein refers to any content produced, copied, published and disseminated by the Administrator and End Users during the use of DingTalk and the Service, including but not limited to avatar, nickname, user description and other registration information in a DingTalk account or exclusive account, or text, audio files, pictures, replies, notices, or related links, or other content generated during the use of DingTalk and the Service under a DingTalk account or exclusive account.

DingTalk has been committed to providing users with a safe and standardized network environment, and Certified Users and their Administrators, as well as End Users are not allowed to produce, copy, publish, disseminate the following information which may interfere with the normal operation of DingTalk, through DingTalk accounts, third-party accounts authorized by DingTalk, exclusive accounts, and the Service, or upload, send or share any information that is restricted or prohibited by relevant laws, regulations, rules, standards, and any legally binding criteria, as well as other content that infringes the legitimate rights and interests of other users or third parties.

6.2 Information security management

DingTalk will take the following measures for cybersecurity in accordance with the Multi-Level Protection Scheme to protect the network against interference, damage or unauthorized access and prevent network data from leakage, theft, and tampering.

 (1). Formulate internal security management systems and operating procedures and designates persons in charge of cybersecurity;

 (2). Take technical measures against computer viruses, network attacks, network intrusions and other behaviors that undermine network security;

 (3). Take technical measures to monitor and record network operation status and network security events, and keep relevant network logs for no less than six months as required;

 (4). Classify, back up and encrypt important data;

 (5). Formulate and improve the data security management system, organize data security training, and take corresponding technical measures and other necessary measures to ensure data security;

 (6). Carry out data security risk monitoring and fix identified vulnerabilities in a timely manner;

 (7). Conduct emergency disposal of data security events, inform users in time and report to relevant competent departments as required.

Certified Users and their Administrators and End Users understand and agree that although DingTalk's important information systems have passed the certification of the ISO27001:2013 Information Security Management System, the 27018:2014 Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds, the SOC 2 Type 2 report (audit of three principles: security, confidentiality and privacy), and Level III Information Security, and relevant cybersecurity measures have been established, we will continue to make reasonable commercial efforts to protect Certified Users' information as the Internet environment will never be 100 percent secure.

6.3 Entrusted data processing

DingTalk will take reasonable measures in accordance with the law to protect the Enterprise Organization-Controlled Data and the personal information and privacy of End Users.

6.3.1. Except as otherwise provided by law and necessary for providing the Service, DingTalk will not disclose the Enterprise Organization-Controlled Data to third parties, including the personal information of End Users collected by Certified Users for HR management, without permission of the Administrator of any Certified User. DingTalk will not entrust any third party to process the Enterprise Organization-Controlled Data and End Users' personal information.

6.3.2. DingTalk has improved the management system and operating procedures for the protection of the Enterprise Organization-Controlled Data and personal information/privacy, enhanced data classification and management of operation permissions for technology developers, and carried out safety training for relevant personnel. DingTalk will encrypt relevant information before storing or transmitting it. The Enterprise Organization-Controlled Data will be stored using encryption, de-identification and other technologies to protect personal privacy data.

6.3.3. DingTalk has formulated emergency plans for personal information security incidents. It will take remedial measures as required when necessary, inform the Certified Users and their End Users in a timely manner, and report to relevant competent departments.

6.3.4. DingTalk has introduced technical means to monitor the risks of unauthorized access, so as to mitigate the risk of personal information leakage, tampering and loss.

6.3.5. DingTalk will take necessary measures in accordance with the provisions of laws and administrative regulations to ensure the security of the personal information processed, and assist the Certified Users and their Administrators to protect the personal information of End Users.

6.3.6. DingTalk will keep the Enterprise Organization-Controlled Data of Certified Users only for the purposes of this Agreement within the time period required by applicable laws and regulations. For example, DingTalk will, in accordance with the requirements of the Cybersecurity Law of the People's Republic of China, keep relevant network logs generated by the Administrators and End Users during their use of the Service for no less than six months. After the Administrator deletes their enterprise organization, DingTalk will delete the Enterprise Organization-Controlled Data of Certified Users or anonymize the relevant data according to the requirements of applicable laws.

For more information on personal information and privacy protection policies, please refer to DingTalk Privacy Policy.

 

7 Responsibilities of Certified Users

In order to realize HR management, information security control, and online working, Certified Users and their Administrators shall reasonably control End Users' use of the Service, including but not limited to a) requiring End Users to use DingTalk in accordance with the law and in compliance with relevant DingTalk agreements and regulations such as this Agreement, DingTalk Privacy Policy, DingTalk Certification Rules, DingTalk Security Convention within the authorized scope of DingTalk; b) prohibiting End Users from producing, copying, publishing or disseminating the information that may compromise the normal operation of DingTalk software or the content that may infringe the legitimate rights and interests of other users or third parties through DingTalk accounts, third-party accounts authorized by DingTalk, exclusive accounts, or DingTalk software and services; c) formulating corresponding labor rules and regulations, codes of conduct, information security norms, etc., to restrict End Users in information release, information security management and personal information protection during their online mobile working, communication and collaboration, so as to hold the Certified Users harmless from joint and several liability for the behavior of their End Users or punishment by DingTalk in accordance with the provisions herein, specifically:

7.1 Information release control

7.1.1. Certified Users and their Administrators shall make End Users understand their legal obligations regarding information release during their use of the Service in accordance with the law. For example, when a DingTalk IM group is created, the group creator and administrators shall be responsible for managing the group and regulating the behavior and information release by members in the group in accordance with laws and regulations, this Agreement and the platform convention, so as to build a civilized and orderly online community; the End Users, as members of the IM group, shall abide by laws and regulations, interact and communicate in a civilized and rational way, and shall not disseminate information prohibited by laws and regulations through the IM group. If a Certified Users and its Administrator want to set up a DingTalk Service Window or DingTalk Look/Circle for information publishing and sharing, they are deemed as a public content creator and operator, so they shall establish a sound information security review mechanism involving topic selection and planning, editing and production, publication and promotion, and interaction in accordance with the law, and strengthen the review on the orientation, authenticity and legality of the content, in a bid to maintain good order of information dissemination.

7.1.2. In any case, Certified Users and their Administrators shall prohibit their End Users from publishing, transmitting, disseminating, and storing the content that violates national laws and regulations, including those:

 (1) violating the basic principles as set forth in the Constitution;

 (2) endangering national security, divulging national secrets, subverting national political power, or undermining national unity;

 (3) damaging national honor and interests;

 (4) inciting ethnic hatred or ethnic discrimination, or undermining ethnic unity;

 (5) undermining relevant national religious policies or propagating cults or feudal superstition;

 (6) spreading rumors, disrupting social order, or undermining social stability;

 (7) spreading obscenity, pornography, gambling, violence, terror, or instigating crimes;

 (8) insulting or slandering others or infringing upon the legitimate rights and interests of others;

 (9) inciting unlawful assembly, association, procession, demonstration, and gathering crowds to disrupt the social order;

 (10) organizing activities in the name of illegal non-governmental organizations;

 (11) not complying with the "Interim Provisions on the Administration of the Development of Public Information Services Provided through Instant Messaging Tools", "Administrative Provisions on Internet Group Information Services", "Administrative Provisions on the Information Services Provided through Official Accounts of Internet Users", "Provisions on the Administration of Cyber Audio and Video Information Services" or not in compliance with the requirements of "seven bottom lines" of laws and regulations, the socialist system, national interests, citizens' legitimate interests, public order, social morality and information authenticity;

 (12) other content prohibited by laws and administrative regulations.

7.1.3 To protect the legitimate rights and interests of others in accordance with the law, Certified Users and their authorized Administrators shall prohibit their End Users from:

 (1) publishing, transmitting, disseminating, and storing content that infringes upon the legal rights of others such as reputation rights, portrait rights, intellectual property rights, trade secrets, etc;

 (2) involving the release and disclosure of others' privacy, personal information or data;

 (3) publishing, transmitting, disseminating harassment, advertising information, over-marketing information and spam or information/content containing any sexual content or sexual innuendo;

 (4) involving other information or content that violates laws, regulations, policies, public order and good customs, social ethics or interferes with the normal operation of DingTalk and infringes upon the legitimate rights and interests of other users or third parties.

7.1.4 Certified Users and their Administrators shall:

 (1) improve the enterprise content security management system, including authority management, information review for release, posts and comments review, layout and page ecological management, real-time inspection, emergency response, and disposal of Internet rumors and illegal industry chain information.

 (2) strengthen the management of enterprise information content. Once illegal information is discovered, enterprises shall immediately take disposal measures according to law, keep relevant records, and promptly report to the DingTalk or report to the relevant competent department.

 (3) determine persons and administrations responsible for content security of Certified Users to accept and deal with reports from employees based on the report acceptance function of DingTalk, or request DingTalk to provide reasonable relief.

 (4) formulate and implement strategies that are compatible with enterprise management based on the content security management tools delivered by DingTalk, to block, audit and dispose of the content released by employees.

Certified Users and their Administrators understand and agree that the Enterprise Organization-Controlled Data generated during the use of the Service involves business information and technical secrets. DingTalk will protect the trade secret and legitimate rights and interests generated by the Administrators and End Users during their working, communication and collaboration. However, if the Certified Users are negligent in fulfilling the obligations as the subject of information release service, or regulating the network behavior and released information content of their End Users as members of the enterprise or organization group, persons replying posts and giving comments, enterprise information agents, online audio and video information service users, DingTalk streamers and participants, audience, or failing to implement End User compliance agreement, or specifications for civilized interaction and rational communication, DingTalk will exercise its platform governance rights in accordance with the law and fulfill its disposal, regulation and reporting obligations.

7.2 Information security management

7.2.1 Certified Users and their Administrators may activate, manage and use DingTalk's existing online office, communication, collaboration apps and services on their own, for example, taking information security upgrade control measures through self-developed or third-party services, setting group guide, setting the access scope and permissions of enterprise files and knowledge bases, activating and using third-party encryption services, purchasing exclusive security services (watermarks, restricted screenshots, peripheral unavailability, etc.) and other information security protection measures. For the implementation of relevant information security control measures, the Certified Users understand and agree to:

 (1) develop and implement security policies appropriate for enterprise management based on the data security management tools delivered by DingTalk.

 (2) formulate and improve the enterprise's whole-process data security management system, configure sub-administrators with corresponding permissions, organize training sessions, and take proper technical measures and other necessary measures to ensure data security.

 (3) cooperate with the judicial investigation of the competent state regulatory authorities in accordance with the law, and protect the privacy of employees' communications in accordance with the law.

 (4) define personnel and administrations in charge of data security, and accept and deal with employee reports based on the report acceptance function of DingTalk.

7.2.2 DingTalk Enterprise Organization Users and their Administrators understand and agree that the enterprise organizations shall perform information security control on their own, such as the use of third-party encryption services, exclusive security services and other measures, shall use the Service in accordance with laws and the provisions of this Agreement, and shall cooperate with DingTalk in fulfilling the statutory platform governance obligations in accordance with the law, such as cooperating in the judicial investigation to perform the decryption obligations for third-party encryption. Otherwise, the enterprise organizations shall bear all the legal consequences caused by the enterprises' office and trade secret protection and other information security control measures.

7.3 Personal information protection

Certified Users shall protect the legitimate rights and interests of End Users in accordance with the law, including the protection of End Users' personal information/privacy:

7.3.1 The Administrators shall ensure they have obtained the clear consent of the organization members in advance, or have entered into a corresponding agreement with the End Users in terms of collecting proper personal information of the End Users and sharing them with DingTalk as necessary for the purpose of HR management, and have fully informed the organization members of the purpose, scope and use of relevant data collection, when uploading and managing the names, photos, mobile numbers and other personal information of organization members through DingTalk to create a DingTalk enterprise organization.

7.3.2 Certified Users shall establish an information security protection system and conduct information security education for End Users, including but not limited to: granting management permissions to appropriate personnel; reasonably setting the management permission of relevant personnel; reminding or requiring End Users to pay attention to information security and account security to prevent information leakage caused by account use by others.

3. For any personal information of End Users generated, collected, or provided by the Certified Users in the process of using the Service, the Certified Users shall, as the performer of processing personal information necessary for the performance of HR management, use the Service in accordance with all applicable laws and regulations, and shall perform the obligations of the Certified Users hereunder, and shall:

 (1) comply with all applicable privacy and data protection laws and regulations that may be amended as necessary, including those applicable to personal information, and provide DingTalk with the necessary information to prove that you have complied with the foregoing laws and regulations and this Agreement;

 (2) use and process the users' personal information only for the purpose of using the software and the Service, unless otherwise authorized or agreed upon by the End Users;

 (3) clearly and accurately describe to your End Users the personal information you collect and how you will use it and share it with third parties, etc;

 (4) take appropriate technical and systematic security measures to protect personal information from unauthorized access or use, and conduct regular tests on the effectiveness of the afore-mentioned security measures;

 (5) ensure that all persons who have access to personal information are subject to the obligation of confidentiality;

 (6) report promptly to DingTalk, End Users and relevant data protection agencies in the event of any unauthorized access or use of personal information;

 (7) meet the requirements of End Users to exercise their rights in accordance with applicable laws and regulations.

7.4 Obligation to inform End Users

Certified Users and their Administrators understand and agree that in order to ensure that the enterprise organizations are entitled to control the personal information of End Users and the resulting data uploaded, entered, published, transmitted, stored, and shared by the End Users during the use of the Service, and that the End Users comply with the regulations of the Certified Users in terms of content information release control, information security management and personal information protection and the rights and obligations in this Agreement, for the purpose that the Certified Users entrust DingTalk in accordance with the law to process the Enterprise Organization-Controlled Data (including End Users' personal information) for HR management, the Certified Users and their Administrators shall inform the End Users of the rights and obligations related to the use of the Service through the relevant information access tools or other forms accepted by DingTalk.

 

8 DingTalk Regulations on Illegal Information Handling

8.1 Certified Users and their Administrators shall formulate enterprise organization rules and regulations such as codes of conduct for employees, conventions of enterprises or organizations, etc., and ensure, through methods such as publicity, training, assessment, that End Users are not allowed to upload, send or share any information content that is restricted or prohibited by relevant laws, regulations, rules, specifications and any legally effective norms, and ensure that End Users shall not engage in violations of the requirements of "seven bottom lines" of laws and regulations, the socialist system, national interests, citizens' legitimate interests, public order, social morality and authenticity of the information.

8.2 If the Administrators and End Users violate laws and regulations, infringe upon the legitimate rights and interests of third parties or violate this Agreement and related agreements and management rules, whether discovered by DingTalk or reported by others, DingTalk has the right to verify, forward, delete, block or otherwise the reported content in accordance with the provisions of relevant laws and regulations, and take measures including but not limited to revoking the account or restricting, suspending, or terminating the use of part or all of the Service, investigating legal responsibility, reporting to competent regulatory agencies and publicity of violations of laws and regulations by Certified Users. For a paid app service, DingTalk has the right to unilaterally request for rectification within a time limit and restriction of the use of the service until the suspension or termination of the corresponding service, without liability for breach of contract; in the event of any third-party litigation, complaints, claims or administrative punishment suffered by DingTalk due to your fault, you shall fully indemnify and hold harmless DingTalk from damages and losses.

8.3 If it is you who use DingTalk's paid app services, DingTalk has the right to unilaterally require rectification within a time limit and restriction of service use until the suspension or termination of the corresponding service, without liability for breach of contract;

8.4 In the event of any third-party litigation, complaints, claims or administrative punishment suffered by DingTalk due to your published content or your behavior, you shall fully indemnify and hold harmless DingTalk from all liabilities or losses.

8.5 For relevant handling regulations, please refer to DingTalk Regulations on Illegal InformationHandling.

 

9 Dispute Resolution and Miscellaneous

9.1 The interpretation and application of this Agreement and disputes hereunder shall be subject to the laws of the people's Republic of China, taking the Hangzhou Yuhang District People's Court as the Court of First Instance.

9.2 If any provision of this Agreement becomes invalid or unenforceable, such provision may be deemed severed from this Agreement, without prejudice to the validity of other provisions.

9.3 This Agreement is part of DingTalk Services Agreement; any matters not agreed in this Agreement shall apply DingTalk Services Agreement; in the event of any conflict between this Agreement and DingTalk Services Agreement, this Agreement shall prevail.

 

10 Contact Information

You can conduct online consultation through the [DingTalk Client - Customer Service and Help], or call our customer service staff through your exclusive service agent or customer service hotline (if any) for consultation. You can also contact us by the following contact methods:

DingTalk (China) Information Technology Co., Ltd.

Contact Department: DingTalk User Operations Center

Email: dingtalkteam@alibaba-inc.com

Address: Building 5, Future Park, No. 959 Gaojiao Road, Wuchang Subdistrict, Yuhang District, Hangzhou, 311100

 [No content below]