Qwen Cloud Website Privacy Policy
Updated: April 1, 2026
This Qwen Cloud Website Privacy Policy (“Privacy Policy”) applies to your access and use of the Qwen Cloud Website located currently at www.qwencloud.com (referred to as the “Website” hereinafter) provided by Intelligent Cloud Computing (Singapore) Private Limited, and the Services provided by the Qwen Cloud entity listed in the first paragraph of the Qwen Cloud Customer Agreement (referred to as “we”, “us”, “our” or “Qwen Cloud” hereinafter). The capitalised terms not defined in this Privacy Policy shall have the same meaning as in the Terms of Use and the Qwen Cloud Customer Agreement.
This Privacy Policy sets out how we collect, use, transfer, retain, secure and disclose your personal data and/or personal data about your customers or end users that we process pursuant to your use of the Website and/or our Services, as well as other terms relating to data location. It also describes your choices regarding use, access and correction of your personal data.
If you use your business organization’s email address to register an account on our Website and purchase or use our Services, your organization’s access and use of our Website and Services may be subject to your organization’s own rules or policies, and you shall direct all privacy enquiries relating to such rules or policies to your organization’s administrators. We are not responsible for the privacy or security practices of your organization.
Our Website and/or Services may be used by our Customers to develop, host or provide their own services and products for their End Users, such as through our API. Any information collected or processed by us in such circumstances is processed on behalf of our Customer who controls the collection and use of such information. We do not have a direct relationship with the End Users of our Customer. Where this is the case, End Users should direct all privacy enquiries, such as any requests to access, correct, amend or delete personal data, to the Customer providing their services or products. We are not responsible for the privacy or security practices of our Customers. This Privacy Policy does not apply to personal data that we process solely in our capacity as a service provider or processor on behalf of our Customers.
This Privacy Policy supplements but does not supersede nor replace any other consents you may have previously provided to us in respect of your personal data, and any consents you may have provided in connection with this Privacy Policy are cumulative and additional to any rights which we may have under applicable law to handle or process your personal data.
Unless otherwise specified, the Privacy Policy does not apply to any products and/or services provided by any third party independently through our Website and/or Services, such as third-party models or products listed on the Website, or other products or websites displayed as your search results or other websites linked via our Services. We are not responsible for the privacy practices of third parties. If you access or use any third party’s products or services, you should check the applicable third party’s privacy policy to determine how they will handle any personal data you provide to them or which they collect from you. We are not responsible for any third party’s improper use or disclosure of any personal data.
1.
Personal Data we collect
For the purposes of the Privacy Policy, “personal data” refers to any information relating to an identified or identifiable natural person. The ways in which we collect personal data include: (a) where you provide personal data to us; (b) where you access or use the Website and/or Services; and/or (c) where we obtain personal data from third parties.
Data Description | Source | |
Account Information: We may collect your personal data relating to your account, such as your name, mobile number, country, preferred language, email address, contact address when you sign up for, log in to, or maintain an account with us. | Information directly provided by you to us. | |
Payment Information: Your payment instrument (such as credit cards), including information about the issuing institution, your payment instrument number, the security code, and the expiration date of your payment instrument, which are provided directly to our payment service provider. | ||
User Content: We may collect personal data that you provide or upload when accessing or using our Website and/or Services, including: ‒ Content, prompts, and other input content you submit to Try AI, such as text, files, images, video and audio (if any), depending on the features you use; ‒ Other messages, materials or content you upload or submit to or through the Website and/or the Services; ‒ Content, prompts and other input data submitted by End Users through any product or services developed or provided by our Customers using our Website and/or Services. | ||
Feedback: We appreciate feedback, including ideas and suggestions for improvement or rating an output in response to a prompt. | ||
Communication Information: If you communicate with us, such as via email or our pages on social media sites, we may collect personal data such as your name, contact information, and the contents of the messages you send. | ||
Output Data: We may collect personal data and other content generated by the Services in response to prompts or other inputs, including text, images, audio, and other generated outputs. | Information we automatically collect during your use of the Services | |
Log Data: We may collect information that your browser or device automatically sends when you use our Website and/or Services. This may include the brand, model, and ID of your device, your Internet Protocol (IP) address, browser type and settings, the date and time of your request, and how you interact with our Services. | ||
Usage Data : We may collect information about your use of the Website and/or Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection. | ||
Cookies: To improve your experience, we may use cookies and similar technologies to operate our Website and/or Services. For details about our use of cookies, please refer to the Qwen Cloud Website Cookies Notice. | ||
Account Information shared from third parties: We may offer you an option to log in using your existing account with certain third-party social networking sites (“SNSs”) such as Google and Github. If you elect to do so, we may obtain your personal data(e.g., email address, profile picture, name) from the SNS pursuant to your agreement with that SNS. The personal data we collect may depend on the privacy settings you have set with the SNS. We suggest that you check the privacy and data policies and practices of the SNS to learn how they handle personal data. | Information we collect from third parties. | |
2.
How we use your personal data
We may collect, use, process and/or disclose your personal data for the purposes set out in the table below:
Purpose/Activity | Type of personal data |
To provide, maintain and facilitate our Website and/or Services | - Account Information - Payment Information - User Content - Communication Information - Output Data - Log Data - Usage Data - Cookies (essential and functional cookies only) |
To enable you to log in to our Website using third-party accounts | - Account Information shared from third parties |
To provide technical support, troubleshoot issues, and respond to your inquiries | - Account Information - Feedback - Communication Information - Log Data - Usage Data - Cookies |
To send you marketing communications, where you have signed up to receive them | - Account Information - Communication Information |
To prevent, detect and respond to fraud, illegal activity, or misuses of our Website and Services, and to protect the security of our systems, Website and Services | - Account Information - User Content - Output Data - Log Data - Usage Data - Cookies |
To maintain, analyze and improve our Website and/or Services | - Account Information - User Content - Feedback - Output Data - Log Data - Usage Data - Cookies |
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, or third parties. | - Account Information - User Content - Feedback - Communication Information - Output Data - Log Data - Usage Data - Cookies |
3.
Disclosure of Personal Data
We may disclose your personal data to the following categories of recipients:
3.1 Our affiliated companies and/or their designated service providers, who provide data processing services necessary to provide you with our Services; We have appropriate agreements with our affiliated companies for the sharing of your personal data and/or outsourcing of the processing of your personal data to affiliated companies. The designated service providers (and their sub-processors, if any) of our affiliates will be engaged under terms compliant with applicable laws and under appropriate duties of confidentiality and will only be permitted to use your personal data in connection with the purposes specified in Section 2 of the Privacy Policy;
3.2 We may disclose your personal data to third party service providers engaged by us to assist with providing you with our Services (including partners providing customer services to you, and conducting payment processing services) (the “Third Party Service Providers”). These Third Party Service Providers may be located in Singapore or outside of Singapore, and are engaged under terms compliant with applicable data protection laws and/or appropriate duties of confidentiality to us and are only permitted to use your personal data in connection with the purposes specified in Section 2 above, and not for their own purposes. These Third-Party Service Providers may further contract some components of the services they provide to us to other service providers. These other service providers may also be located in Singapore or outside of Singapore, and are under a duty of confidentiality to our Third Party Service Providers and are only permitted to use your personal data in connection with the purposes specified in Section 2 above, and not for their own purposes;
3.3 Any competent law enforcement body, regulatory, government agency, court or other third party (such as our professional advisers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights or so a third party can defend theirs, or (iii) to protect your vital interests or those of any other person;
3.4 To an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy;
3.5 Any other person, with your consent to the disclosure;
3.6 We have established and will establish relationships with other parties and websites to offer you the benefit of their products and services. This Privacy Policy does not apply to these third parties and websites. The privacy policies of those other parties may differ from ours, and we have no control over the information that you submit to those third parties. You should read the relevant privacy policy for those third parties and websites before responding to any offers, products or services advertised by those parties.
4.
How Your Personal Data May Be Transferred Globally
4.1 Depending on where you are located and the features of our Website and/or Services which you access or use, your personal data may be transferred out of and processed outside of the jurisdiction in which you are located, such as to an affiliate or third party (as explained in Section 3) located overseas. These countries may have data protection laws that are different from the laws of your jurisdiction (and, in some cases, may not be as protective).
4.2 We take appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Policy and applicable laws and we only transfer your data overseas in accordance with applicable law and legally valid transfer mechanisms. If you are located in the EEA or the UK, please refer to the EEA and UK Addendum at the end of this Policy for our commitment with regard to transferring your data to another jurisdiction.
5.
Retention and Destruction
5.1 We retain the personal data we collect from you where we have an ongoing legitimate need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). In certain circumstances, we may need to retain your personal data after your account has been deleted. The specific retention periods depend on the nature of the personal data and why it is collected and processed and the nature of the legal requirement. For example, we will retain your personal data when we have a legal obligation to do so (for example pursuant to a court order); or to deal with requests and complaints and for litigation or regulatory matters (for example, where there is an ongoing legal claim).
5.2 When we have no ongoing legitimate business need or legal reason to process your personal data, we will either delete or anonymize it or, if this is not possible, then we will securely store your personal data and isolate it from any further processing until deletion is possible. When deleting personal data, we will take standard commercially reasonable measures to make the personal data practically irrecoverable or irreproducible. The specific manner of deletion will depend on the data being deleted, how the data was collected and stored, and your interactions with us. Electronic documents or files containing personal data will be deleted using a technical method that makes recovery or retrieval of such information practically impossible or renders the data no longer personally identifiable. Non-electronic documents or files containing personal data will be shredded, incinerated, or both.
6.
Security
6.1 We use appropriate technical and organizational measures to protect the personal data that we collect, use, disclose, and process. These measures are designed to provide a level of security appropriate to the risk of processing. Specific measures we use include encrypting your personal data in transit and at rest; developing and implementing an Information Security Programme in accordance with a standard industry framework; employing advance malware protections; implementation of other reasonable security defences (including vulnerability management, access management and recovery/resilience measures).
6.2 Nevertheless, no data transmission over the internet or any wireless network can be guaranteed to be perfectly secure. As a result, while we take reasonable measures to protect your personal data, we cannot completely guarantee the security of any personal data you transmit to us and you do so at your own risk.We cannot and do not guarantee security in connection with your use of the Website and Services.
7.
Minors
Our Website and Services are not directed to, or intended for, children under 18 or the age of majority in any applicable jurisdiction (“Minors”). We do not knowingly collect personal data from Minors. If you have reason to believe that a Minor has provided Personal Data to us through the Website and Services, please contact our DPO via the contact details set out below. We will investigate any notification and, if appropriate, delete the personal data from our systems.
8.
Your Rights
Depending on where you live and subject to applicable laws, you may have certain statutory rights in relation to your personal data. For example, you may have the right to:
8.1 access your personal data and obtain information relating to how it is processed;
8.2 request the erasure of your personal data;
8.3 update or correct your personal data;
8.4 data portability (receive a copy of your Personal Data in a portable format, where applicable);
8.5 restrict or object to the processing of your personal data;
8.6 withdraw your consent; and/or
8.7 make a complaint to the data protection agency in your country.
You can exercise some of these rights through your Account. If you are unable to exercise your rights through your Account, please submit your request to DPO_Intl@alibabacloud.com. We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may need to verify your identity before processing your request.
8.8 You may withdraw your consent as provided for under the applicable law. However, if you withdraw your consent to any or all collection, use, and/or disclosure of your personal data for one or more purposes, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you, administer any contractual relationship already in place, or perform or conclude an existing or prospective agreement. This may also result in the termination of any agreements you have with us and/or you being in breach of your contractual obligations or undertakings. Our legal rights and remedies in such event are expressly reserved.
9.
COOKIES
We use “cookies” and/or similar technologies (collectively “Cookies”), to collect and use personal data about you for purposes including to enable basic features of our site to function, to provide enhanced and personalised functionality, to conduct analytics, and deliver personalised advertisements. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Qwen Cloud Website Cookies Notice.
10.
Privacy Policy Updates
We may update this Privacy Policy from time to time in response to changing legal, regulatory, technical or business developments. Any changes to this Privacy Policy will be communicated by us updating the Privacy Policy accessible via the Website and/or Services. The updated Privacy Policy will become immediately effective once updated or at such date as we may specify or required by applicable laws. We may also in our discretion provide notice to you changes to the Privacy Policy via such means as we deem appropriate, such as by email (sent to the e-mail address specified in your account) or by means of a notice via the Website or Services prior to the change becoming effective. To the maximum extent permissible under applicable law, you agree to be bound by the prevailing terms of the Privacy Policy as modified from time to time. Please check back regularly for updated information on the handling of your personal data.
You can see when this Privacy Policy was last updated by checking the “updated” date displayed at the top of this Privacy Policy.
11.
How to contact us
If you have any questions about this Privacy Policy, or have any questions, complaints or requests regarding your personal data, you can contact our DPO via the contact details set out below:
• European Economic Area (EEA)
For individuals in the EEA, and/or in relation to processing conducted by or on behalf of Alibaba (Netherlands) B.V., please contact:
Attention: Data Protection Officer
c/o Herengracht 448, 1017 CA Amsterdam, the Netherlands
E-mail address: DPO_Intl@alibabacloud.com
For individuals in the EEA, Alibaba (Netherlands) B.V. is the relevant "data controller" for the purposes of EEA data protection law.
• United Kingdom and Europe (outside the EEA)
For individuals in the UK or in Europe (but outside the EEA), and/or in relation to processing conducted by or on behalf of Alibaba.com (Europe) Limited, please contact:
Attention: Data Protection Officer
c/o Alibaba.com (Europe) Limited, 8th floor, Millbank Tower, 21-24 Millbank, London SW1P 4QP, United Kingdom
E-mail address: DPO_Intl@alibabacloud.com
For individuals in the UK or Europe (but outside the EEA), Alibaba.com (Europe) Limited is the relevant "data controller".
• Outside the EEA, UK and Europe
For individuals in Malaysia, and/or in relation to processing conducted by or on behalf of Alibaba Cloud (Malaysia) SDN.BHD., please contact:
Attention: Data Protection Officer
c/o 31/F, Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong.
E-mail address: DPO_Intl@alibabacloud.com
For individuals in Malaysia, Alibaba Cloud (Malaysia) SDN.BHD. is the relevant "data controller".
In all other cases, please contact:
Attention: Data Protection Officer/Alibaba Cloud (Singapore) Private Limited, c/o 51 Bras Basah Road, #03-06 Lazada One, Singapore 189554.
E-mail address: DPO_Intl@alibabacloud.com
AUSTRALIA ADDENDUM
This is an addendum to the Privacy Policy in relation to Australia data subjects (this “Australia Addendum”) and should be read in conjunction with the Privacy Policy.
If you have any questions, concerns or complaints about this Privacy Policy, or how we handle your personal data, please contact our DPO at the address for “Outside the EEA” set forth below, who will review your complaint and respond within a reasonable period.
Attention: Data Protection Officer/Alibaba Cloud (Singapore) Private Limited, c/o 51 Bras Basah Road, #03-06 Lazada One, Singapore 189554.
E-mail address: DPO_Intl@alibabacloud.com
If you are dissatisfied with the handling of your complaint or concern, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner: GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
CALIFORNIA ADDENDUM
These additional disclosures supplement the Privacy Policy and apply only to personal data we collect, use, disclose, or otherwise process as a business subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”). This California Addendum does not apply to personal data that is not processed by us as a business pursuant to the CCPA, such as any personal data processed by us on behalf of our customers or other third parties in our capacity as a service provider.
During the preceding 12 months, we have collected, used, and/or disclosed the categories of personal data described in Section 1 of our Privacy Policy. For example, depending on the Website and/or our Services you use, this may include your identifiers (e.g., IP addresses and email addresses), commercial information, audio information (e.g., recordings of customer support communications), and Internet and other electronic activity information. This may also include inferences we draw from the other information we collect.
We do not sell or share personal information.
Subject to the CCPA and other applicable laws, California residents are entitled to the rights described in Section 8 above and additional rights such as the right to opt out of the sale or sharing of personal information. We will not discriminate against you for exercising any of your privacy rights, such as charge you different prices or provide different quality of services unless those differences are related to your information or otherwise permitted by law. Please submit your request by sending us an email to DPO_Intl@alibabacloud.com. Once we receive your request, we may verify it by requesting information sufficient to confirm your identity, including by asking you to verify information about your use of the Website and/or our Services. If you would like to use an agent registered with the California Secretary of State to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf.
EEA and UK ADDENDUM
This section of the Privacy Policy applies only if you are located in the EEA or the UK or Europe (but outside the EEA) and supplements the information in this Privacy Policy.
Collection of Personal Data
We may collect, use, process and/or disclose your personal data for the purposes set out in the table below:
Purpose/Activity | Type of personal data | Lawful basis for processing |
To provide, maintain and facilitate our Website and/or Services | - Account Information - Payment Information - User Content - Communication Information - Output Data - Log Data - Usage Data - Cookies (essential and functional cookies only) | - To enter into or perform a service contract with you |
To enable you to log in to our Website using third-party accounts | - Account Information shared from third parties | - Our legitimate interests in providing a convenient and secure authentication experience |
To provide technical support, troubleshoot issues, and respond to your inquiries | - Account Information - Feedback - Communication Information - Log Data - Usage Data - Cookies | - Performance of a contract with you, where support is necessary to provide the Website and/or Services - Our legitimate interests in responding to inquiries and providing customer support, where applicable |
To send you marketing communications, where you have signed up to receive them | - Account Information - Communication Information | - Consent (where required under applicable law) |
To prevent, detect and respond to fraud, illegal activity, or misuses of our Website and/or Services, and to protect the security of our systems, Website and/or Services | - Account Information - User Content - Output Data - Log Data - Usage Data- Cookies | - Legitimate interests (preventing fraud, abuse, illegal activity, unauthorized use, and security incidents, and managing the security and Integrity of our Website and/or Services) - Legal obligation (where required by applicable laws) |
To maintain, analyze and improve our Website and/or Services | - Account Information - User Content - Feedback - Output Data - Log Data - Usage Data - Cookies | - Legitimate interests (maintaining, analyzing, and improving our Website and/or Services) |
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, or third parties. | - Account Information - User Content - Feedback - Communication Information - Output Data - Log Data - Usage Data - Cookies | - Comply with applicable legal obligations - Legitimate interests (protecting the rights, property, and safety of our users, ourselves, and third parties) |
Controller of Your Personal Data
We are the controller of personal data only when we determine the purposes and means of processing that personal data. For example, when Customers of our Services register an account with us or provide contact information in order to receive customer support, we are the controller of that data. When customers host their own services on our Website and/or Services, we act as a data processor with respect to that data.
If you have any questions about this Privacy Policy, or have any questions, complaints or requests regarding your personal data, you can contact our DPO via the contact details set out below:
• European Economic Area (EEA)
For individuals in the EEA, and/or in relation to processing conducted by or on behalf of Alibaba (Netherlands) B.V., please contact:
Attention: Data Protection Officer
c/o Herengracht 448, 1017 CA Amsterdam, the Netherlands
E-mail address: DPO_Intl@alibabacloud.com
For individuals in the EEA, Alibaba (Netherlands) B.V. is the relevant "data controller" for the purposes of EEA data protection law.
• United Kingdom and Europe (outside the EEA)
For individuals in the UK or in Europe (but outside the EEA), and/or in relation to processing conducted by or on behalf of Alibaba.com (Europe) Limited, please contact:
Attention: Data Protection Officer
c/o Alibaba.com (Europe) Limited, 8th floor, Millbank Tower, 21-24 Millbank, London SW1P 4QP, United Kingdom
E-mail address: DPO_Intl@alibabacloud.com
For individuals in the UK or Europe (but outside the EEA), Alibaba.com (Europe) Limited is the relevant "data controller".
Your Rights
If you are a resident of the EEA, UK or Europe (but outside the EEA), you have the following data protection rights, which you can exercise at any time by contacting us using the contact details provided under Section 11 above:
-
The right to access your personal data and confirm the existence of processing.
-
The right to correct, update or request anonymization, blocking or deletion of your personal data.
-
The right to object to processing of your personal data when it is based on our legitimate interests.
-
The right to ask us, in some situations, to restrict processing of your personal data or request portability of your personal data.
-
The right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you to opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under Section 11.
-
If we have collected and process your personal data with your consent, then you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
-
The right to request the review of decisions exclusively based in automated processing, which might affect your interests.
-
The right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Certain supervisory authorities will require that you exhaust our own internal complaints process before looking into your complaint.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
International Transfer of Personal Data
We store the personal data described in Section 1 in servers located in Singapore.
Some of our affiliates, located outside your country of residence such as China, are given limited remote access to this information so they can provide certain functions, as described in Section 2. This access is limited, secure and only granted where necessary under strict security controls and authorisation approval protocols.
We share the personal data described in Section 1 with service providers and other third party entities, as described in Section 3. These third parties can be located outside your country of residence.
These entities commit to processing information in compliance with applicable privacy laws and to implementing appropriate security measures to protect your information.
When we transfer your information outside of the EEA, the UK, or Switzerland, we ensure it benefits from an adequate level of data protection by relying on:
-
Adequacy decisions. These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) where they recognise that a country offers an adequate level of data protection. We transfer personal data as described in Section 1 to some countries with adequacy decisions; or
-
Standard contractual clauses. The European Commission has approved contractual clauses under Article 46 of the GDPR that allows companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer information as described in Section 1 to our affiliates and third parties in countries without an adequacy decision.
For a copy of these adequacy decisions or standard contractual clauses, please contact us via the details provided in Section 11 above.
In addition, we regularly assess the legal and regulatory frameworks of countries receiving the data to ensure the ongoing effectiveness of our transfer safeguards, particularly in cases where standard contractual clauses are used. These assessments help us determine whether supplementary measures are needed to ensure an essentially equivalent level of data protection as required by the GDPR.
EU-U.S. Data Privacy Framework with UK Extension and Swiss-U.S. Data Privacy Framework
Alibaba Cloud US LLC and Alibaba Cloud LLC comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Alibaba Cloud US LLC and Alibaba Cloud LLC have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) under the UK Extension to the EU-U.S. DPF. Alibaba Cloud US LLC and Alibaba Cloud LLC have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.
We are committed to subjecting all personal data received from European Union (EU) member countries, the United Kingdom and Switzerland, respectively, in reliance on each Data Privacy Framework, to the Framework’s applicable Principles. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Alibaba Cloud US LLC and Alibaba Cloud LLC remain responsible and liable under the EU-U.S. DPF Principles, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF Principles for transferring personal data received under DPF Principles to a third party who processes the personal data on our behalf in a manner inconsistent with the Framework’s applicable Principles, unless Alibaba Cloud US LLC or Alibaba Cloud LLC prove not responsible for the event giving rise to the damage. Alibaba Cloud US LLC and Alibaba Cloud LLC comply with the DPF Principles for all onward transfers of personal data from the EU, the United Kingdom and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the DPF Frameworks, Alibaba Cloud US LLC and Alibaba Cloud LLC are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Alibaba Cloud US LLC and Alibaba Cloud LLC commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Alibaba Cloud US LLC and Alibaba Cloud LLC at: DPO_Intl@alibabacloud.com. Alibaba Cloud US LLC and Alibaba Cloud LLC commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
You may lodge a complaint with a supervisory authority if you consider that our processing of your personal data infringes applicable law.
THE PHILIPPINES ADDENDUM
This is an addendum to the Privacy Policy in relation to Philippine data subjects (this “Philippines Addendum”) and should be read in conjunction with the Privacy Policy.
Location and Storage of Personal Data
Your personal data will be stored in Singapore. Your personal data may however be transferred to or accessed by our officers, employees, support staff, agents, Third Party Service Providers (and their sub-processors, if any), and our affiliates (and their designated Service Providers and the latter’s sub-processors, if any), which may be located in several other jurisdictions.
Rights of Data Subjects
In addition to the above-discussed rights as provided under Section 8 of the Privacy Policy, in accordance with applicable Philippine laws, you have the right to be informed of the processing of your personal data, the right to object to the processing of your personal data (in which case, you may have to cease using certain features of our services), and the right to be indemnified for damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, and the right to obtain a copy of your personal data, which has been stored in electronic or structured format. If you believe that your right as a data subject has been violated, you may also file a complaint with the Philippine National Privacy Commission.
Contact Information of Data Protection Officer
If you have any questions regarding this Privacy Policy or want to exercise any of your rights as provided in this Privacy Policy or pursuant to Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and its implementing rules and regulations, any relevant issuance of the Philippine National Privacy Commission, and other privacy laws and regulations in the Philippines (as may be amended from time to time), you may reach us through our Data Protection Officer whose contact details are provided below:
Attention: DPO
Address: Alibaba Cloud (Singapore) Private Limited, Legal Department
c/o 51 Bras Basah Road, #03-06 Lazada One, Singapore 189554
SOUTH KOREA ADDENDUM
This is an addendum to the Privacy Policy in relation to South Korean data subjects (this “Korea Addendum”) and should be read in conjunction with the Privacy Policy.
We do not knowingly collect personal information from children in South Korea who are under the age of 14. If you are under the age of 14, please do not sign up to use our Website and Services or provide any information about yourself through the Website and Services.
Collection of Personal Data
Items of personal information processed with the consent of the data subject.
We process the following types of personal information with your consent pursuant to Articles 15(1)1, 24(1)1 and 22(1) of the Personal Information Protection Act (“PIPA”) of Korea.
Purpose/Activity | Type of personal data | Lawful basis for processing | Retention Period |
To provide, maintain and facilitate our Website and/or Services | - Account Information - Payment Information - User Content - Communication Information - Output Data - Log Data - Usage Data - Cookies (essential and functional cookies only) | - To enter into or perform a service contract with you | Unless we are obligated to preserve your personal information by applicable laws and regulations, we will retain and use your personal information until your Account is deregistered. |
To enable you to log in to our Website using third-party accounts | - Account Information shared from third parties | - Our legitimate interests in providing a convenient and secure authentication experience | Unless we are obligated to preserve your personal information by applicable laws and regulations, we will retain and use your personal information until your Account is deregistered. |
To provide technical support, troubleshoot issues, and respond to your inquiries | - Account Information - Feedback - Communication Information - Log Data - Usage Data - Cookies | - Performance of a contract with you, where support is necessary to provide the Website and/or Services - Our legitimate interests in responding to inquiries and providing customer support, where applicable | Unless we are obligated to preserve your personal information by applicable laws and regulations, we will retain and use your personal information until your Account is deregistered. |
To send you marketing communications, where you have signed up to receive them | - Account Information - Communication Information | - Consent (where required under applicable law) | Unless required by applicable laws and regulations, we will retain your personal information for marketing purposes only until: you withdraw your consent for such marketing activities, or your Account is deregistered, whichever occurs first. |
To prevent, detect and respond to fraud, illegal activity, or misuses of our Website and/or Services, and to protect the security of our systems, Website and/or Services | - Account Information - User Content - Output Data - Log Data - Usage Data- Cookies | - Legitimate interests (preventing fraud, abuse, illegal activity, unauthorized use, and security incidents, and managing the security and Integrity of our Website and/or Services) - Legal obligation (where required by applicable laws) | Unless we are obligated to preserve your personal information by applicable laws and regulations, we will retain and use your personal information until your Account is deregistered. |
To maintain, analyze and improve our Website and/or Services | - Account Information - User Content - Feedback - Output Data - Log Data - Usage Data - Cookies | - Legitimate interests (maintaining, analyzing, and improving our Website and/or Services) | Unless we are obligated to preserve your personal information by applicable laws and regulations, we will retain and use your personal information until your Account is deregistered. |
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, or third parties. | - Account Information - User Content - Feedback - Communication Information - Output Data - Log Data - Usage Data - Cookies | - Comply with applicable legal obligations - Legitimate interests (protecting the rights, property, and safety of our users, ourselves, and third parties) | Unless we are obligated to preserve your personal information by applicable laws and regulations, we will retain and use your personal information until your Account is deregistered. |
Period of Retention and Processing of Personal Data
We will process and retain personal information within the period of retention and use under applicable laws and regulations or the period of retention and use agreed upon by the data subject at the time of collection of personal information and as specified in this Privacy Policy. In certain circumstances, we will need to keep your personal data for legal reasons after our relationship has ended.
However, in any of the following cases, we will process and retain the data until the relevant case ceases to exist.
1) Records on transactions, such as labeling and advertising, terms and conditions of contracts and their performance pursuant to Article 6 (Preservation, etc. of Transaction Records) of the Act on the Consumer Protection in Electronic Commerce, Etc.
• Records of cancellation of contract or offer, payment, supply of goods, etc.: five (5) years
• Records on the settlement of consumer complaints or disputes: three (3) years
• Records on labeling and advertising: Six (6) months
2) Article 85-3 (Record and Preservation of Books, etc.) of the Framework Act on National Tax
• Books and evidentiary documents concerning all transactions prescribed by tax laws: five (5) years
3) Article 22 (Creation, Preservation and Destruction of Electronic Financial Transaction Records) of the Electronic Financial Transactions Act
• Records on electronic financial transactions: five (5) years
Your Rights
Depending on where you live and subject to applicable laws, you may have certain statutory rights in relation to your personal data. For example, you may have the right to:
‒
access your personal data and obtain information relating to how it is processed;
‒
request the erasure of your personal data;
‒
update or correct your personal data;
‒
data portability (receive a copy of your Personal Data in a portable format, where applicable);
‒
restrict or object to the processing of your personal data;
‒
withdraw your consent; and/or
‒
make a complaint to the data protection agency in your country.
To exercise your rights, you may contact our Security and Compliance Department at DPO_Intl@alibabacloud.com. We will respond to your request within a reasonable timeframe. In relation to your data access requests, we will respond within 10 days.
However, the data subject's right to request access to and suspension of processing of his/her personal information may be limited pursuant to Articles 35(4) and 37(2) of the PIPA. In case a request is made to revise or delete certain personal information that is specified as being required to be collected under other laws and regulations, such personal information cannot be deleted.
Delegation of Processing of Personal data
We delegate the processing of personal data to delegates including our affiliates, and third-party service providers as described below, which may process personal data according to the purpose of the delegation:
Delegatee | Description of Delegated Services |
Alipay Singapore E-Commerce Private Limited | Payment instrument processing |
PayPal Holdings, Inc | Payment instrument processing |
FESCO Personnel HK Co., Limited | Customer Support |
ISOFTSTONE SDN. BHD. | Customer Support |
HISPANIC TELESERVICES CORPORATION | Customer Support |
Hangzhou Xutianyun Technology Co., Ltd. | Customer Support |
iSoftStone Technology Service Co., Ltd. | Customer Support |
Hangzhou Beyondsoft Information Technology Co., Ltd. | Customer Support |
Zhuoyue Jilian Technology Co., Ltd. | Customer Support |
Accenture Enterprise Cloud Technology (Hangzhou) Co., Ltd. | Customer Support |
Data Transfers to Overseas Country
We store the collected Personal Data in Singapore, for the purposes described in this Privacy Policy and until such purpose is achieved. The data is transmitted through information network, as needed. We may also transfer Personal Data overseas to our affiliates when necessary and through information network including API transfer. We may also share Personal Data with the following third-party service provider(s) outside of South Korea as described below according to the Article 28-8(1)1, 3 of PIPA:
Recipient (Contact Information of Information Manager) | Country to which Personal data is to be Transferred | Date and Method of Transfer | Items of Personal data to be Transferred | Purposes of Use by Recipients | Period of Retention of Use by Recipient |
Intelligent Cloud Computing (Singapore) Private Limited | Singapore | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Purposes as described in this Privacy Policy | Until customer’s Account is deregistered |
Alipay Singapore E-Commerce Private Limited | Singapore | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Payment instrument processing | Until contract is terminated or expired |
PayPal Holdings, Inc | US | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Payment instrument processing | Until contract is terminated or expired |
FESCO Personnel HK Co., Limited | Hong Kong | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
ISOFTSTONE SDN. BHD. | Malaysia | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
HISPANIC TELESERVICES CORPORATION | US | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
Hangzhou Xutianyun Technology Co., Ltd. | China | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
iSoftStone Technology Service Co., Ltd. | China | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
Hangzhou Beyondsoft Information Technology Co., Ltd. | China | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
Zhuoyue Jilian Technology Co., Ltd. | China | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
Accenture Enterprise Cloud Technology (Hangzhou) Co., Ltd. | China | Transmission of data through information network as needed | Personal Data as described in this Privacy Policy | Customer Support | Until contract is terminated or expired |
Where transfers are made based on your consent, you have the right to refuse the overseas transfer of personal information as set forth above. If you wish to refuse the overseas transfer of your personal information, please contact DPO_Intl@alibabacloud.com to communicate your request. However, if you refuse, you may not be able to use certain features of our Website and/or Services.
Additional Use and Provision of Personal data
In accordance with South Korea’s Personal Information Protection Act (the “PIPA”), we may use or provide personal data without your additional consent within the scope of reasonably related to the initial purpose of the collection, in consideration of whether disadvantages have been caused to data subjects and whether necessary measures have been taken to secure such as encryption, etc. We will determine with due care whether to use or provide personal data in consideration of general circumstances including relevant laws and regulations such as the PIPA, purpose of use or provision of personal data, how personal data will be used or provided, items of personal data to be used or provided, matters to which data subjects provided consent or which were notified/disclosed to data subjects, impact on data subjects upon the use or provision, and measures taken to protect subject information. Specific considerations are as follows:
• Whether the additional use/provision is related to the initial purpose of the collection;
• Whether the additional use/provision is foreseeable in light of the circumstances under which personal data was collected and practices regarding processing;
• Whether the additional use/provision unfairly infringe on the interests of the data subject; and
• Whether the necessary security measures such as pseudonymization or encryption were taken.
Measures to Ensure Security of Personal Data
The following measures are taken to ensure the safety of personal data.
• Managerial measures: Establishment and implementation of internal management plan, operation of dedicated organization to personal data, regular employee training;
• Technical measures: management of access rights to the personal data processing system, installation of an access control system, encryption of personal data, and installation and renewal of security programs;
• Physical measures: Control access to the data room, data storage room, etc.
Contact
If you have any questions or comments about the Privacy Policy and/or this Korea Addendum, if you need to report a problem, or if you would like us to update, amend, or request deletion of the information we have about you, please contact our Chief Privacy Officer (or department in charge of personal data protection) at:
• Department in Charge of Protection of Personal data
• Name of Department: Security and Compliance
• Telephone number: +82 2 3016 8733
Domestic Privacy Representative
The information regarding the domestic agent is as follows:
• Company Name: DR & AJU LLC; Representative Director: Kichul Lee
• Address: 7-16th floor, Donghoon Tower, 317 Teheran-ro, Gangnam-gu, Seoul, South Korea
• Telephone number: +82 2 3016 8733
If you need to report or consult about a personal data infringement issue, please contact:
• Personal Information Infringement Report Center (website: privacy.kisa.or.kr; phone: 118)
• Personal Information Dispute Mediation Committee (website: www.kopico.go.kr; phone: 1833-6972)
• Supreme Prosecutors' Office (website: www.spo.go.kr; phone: 1301)
• Cyber Investigation Bureau of the National Police Agency (website: ecrm.cyber.go.kr;phone: 182)